# Copyright (c) 2014-2021 Maltrail developers (https://github.com/stamparm/maltrail/) # See the file 'LICENSE' for copying permission # Aliases: Emotet, Heodo, Geodo # Reference: https://twitter.com/_lockhum/status/1221213324525867008 66.210.228.178:443 66.210.228.178:80 # Reference: https://twitter.com/_lockhum/status/1221245124707078144 50.252.121.146:85 dvr.petcp.com # Reference: https://twitter.com/500mk500/status/1221353819059167233 116.247.95.206:443 116.247.95.206:80 # Reference: https://twitter.com/500mk500/status/1221354099058401280 77.230.243.54:75 1c26.dyndns.org # Reference: https://twitter.com/500mk500/status/1221355282971942914 217.77.171.230:8090 # Reference: https://twitter.com/500mk500/status/1221355851795046400 186.52.202.49:1216 vigilantepadre.dvrdns.org # Reference: https://twitter.com/500mk500/status/1221359005655805953 201.159.153.38:8080 geracaokids.jflddns.com.br # Reference: https://twitter.com/500mk500/status/1221360316740775937 190.158.245.105:9022 # Reference: https://twitter.com/_lockhum/status/1221620873779609602 158.255.30.100:443 158.255.30.100:80 # Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Emotet#tab=2 # Reference: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Spammer:Win32/Cetsiol.A#tab=2 # Reference: http://www.securityhome.eu/malware/malware.php?mal_id=1193064972549a82b0400072.08119525 ajeyftrjqeashgda.mobi bardubar.com cryspellingslaveseducation.eu distrbilko.pw labamito.ru likesomessfortelr.eu mail.ps4hacked.es naimjax.ru qwuyegasd3edarq6yu.org thehappylattersforallpeopleoftheworld.eu usportrock.ru www6067ug.sakura.ne.jp # Reference: https://pastebin.com/csipUv2z http://regionsnews.net/OEqhU8Lg5 http://barcounterstools.info/gwzel4FlN0 http://latemia.com.br/obrqY699Rj http://bestofcareer.com/clwPPAOykd http://reelcreations.ie/KAqmCDJk http://seaweldci.com/ADR http://seilanithih.com.kh/Rfg0JO1 
http://sunflowerschoolandcollege.com/ibb/papkaa17/OWFktY http://dealtimer.com/AsIn9 http://abujarealproperties.com/fl http://zippyrooter.com/lvUg6HFdC http://puntoyaparteseguros.com/B9P3zyHmix http://fastinternet.net.au/WDnndUN http://mebel-m.com.ua/HuvTFu8 http://tomas.datanom.fi/testlab/YHMLRXJ http://aliu-rdc.org/QwWKYJxM http://2idiotsandnobusinessplan.com/wC7 http://7naturalessences.com/DFaSvtrS http://hostmktar.com/mP http://benimdunyamkres.com/v0vig1G1 http://alpharockgroup.com/HT http://adminflex.dk/l5TF6w http://gailong.net/X5AyWfJG http://shunji.org/logsite/TJaaB http://binar48.ru/OtTlVIU5 http://tonda.us/nK8Gqwgp8 http://acejapan.net/gTFikCcVIF http://www.finspangonline.se/qpSw0SD http://yazilimextra.com/jHQNAQVM9 http://tpms.net.pl/gXJTQL6qMO http://ysd63.com/xw0jDX http://exclusiv-residence.ro/IuWn6 http://leizerstamp.ir/zqiQcpE http://firstchoicetrucks.net/kCV0l http://olsenelectric.com/zVz4iwC # Reference: https://www.malware-traffic-analysis.net/2018/08/16/index2.html theeunload.website mykeeptake.xyz # Reference: https://www.virustotal.com/#/domain/bizercise.top bizercise.top # Reference: https://blog.talosintelligence.com/2019/03/threat-roundup-for-mar-01-to-mar-08.html (Doc.Downloader.Emotet-6878774-0) uka.me woelf.in # Reference: https://twitter.com/Cryptolaemus1/status/1113429409946644480 # Reference: https://pastebin.com/raw/DZd2628u 192.186.96.125:8080 83.110.216.26:8443 189.159.103.149:8080 200.126.225.56:8080 189.190.169.221:7080 104.236.135.119:8080 162.243.125.212:8080 217.13.106.160:7080 5.230.147.179:8080 64.13.225.150:8080 94.76.200.114:8080 212.122.71.196:995 174.93.130.148:8443 181.92.117.141:993 133.242.156.30:7080 91.92.191.134:8080 63.77.201.245:443 69.198.17.7:8080 181.39.51.243:993 27.130.153.101:53 187.189.195.208:8443 174.106.108.31:80 60.49.36.149:50000 70.57.82.196:80 62.75.187.192:8080 95.128.43.213:8080 73.217.113.111:80 87.106.139.101:8080 211.63.71.72:8080 173.255.250.241:443 190.161.186.116:80 178.62.37.188:443 
175.100.138.82:22 201.220.152.101:80 208.78.100.202:8080 167.114.210.191:8080 204.184.25.150:143 184.22.6.124:7080 45.33.49.124:443 201.152.34.208:995 85.104.59.244:20 103.12.133.7:8080 203.210.237.200:993 87.106.210.123:80 45.123.3.54:443 173.255.196.209:8080 138.201.140.110:8080 78.186.5.109:443 105.101.6.219:8080 186.4.234.27:443 83.222.124.62:8080 187.198.57.250:7080 147.135.210.39:8080 24.63.218.229:80 50.31.0.160:8080 67.205.149.117:443 # Reference: https://twitter.com/makflwana/status/1085118389633175555 87.207.58.148:20 # Reference: https://twitter.com/pollo290987/status/1114007607352725504 103.12.133.7:8080 104.2.2.153:8080 104.236.135.119:8080 104.236.24.85:443 105.101.6.219:8080 105.225.191.133:80 106.51.237.174:50000 109.104.79.48:8080 109.73.52.242:8080 110.169.107.239:443 114.79.191.12:20 115.254.91.178:7080 115.74.214.134:443 120.63.130.239:465 125.99.106.225:80 133.242.156.30:7080 136.49.87.106:80 138.201.140.110:8080 138.68.139.199:443 139.59.19.157:80 144.76.117.247:8080 147.135.210.39:8080 154.120.228.126:8080 162.243.125.212:8080 165.227.213.173:8080 167.114.210.191:8080 171.101.196.138:80 173.255.196.209:8080 173.255.250.241:443 174.106.108.31:80 174.93.130.148:8443 175.100.138.82:22 176.58.93.123:8080 178.62.37.188:443 179.8.124.11:443 181.118.101.22:8080 181.15.177.100:443 181.16.4.180:80 181.170.252.83:80 181.170.93.38:8080 181.39.51.243:993 181.44.231.127:443 181.56.165.97:53 181.92.117.141:993 182.176.184.81:22 183.82.1.142:7080 184.160.113.4:993 184.22.6.124:7080 184.95.192.237:80 185.191.177.79:143 185.86.148.222:8080 186.139.160.193:8080 186.4.234.27:443 187.153.103.175:443 187.189.195.208:8443 187.189.210.143:80 187.198.57.250:7080 187.228.144.250:143 187.234.36.129:8443 188.51.153.187:993 189.148.145.183:50000 189.150.218.69:8080 189.156.223.10:20 189.159.103.149:8080 189.186.208.24:8443 189.190.169.221:7080 189.208.239.98:443 189.222.167.65:20 189.252.110.239:443 189.252.15.206:443 190.0.32.206:8080 190.104.229.114:8090 
190.117.206.153:443 190.117.82.103:443 190.128.26.2:80 190.146.86.180:443 190.15.198.47:80 190.161.186.116:80 190.18.153.249:80 190.18.219.56:443 190.185.241.151:443 190.186.70.146:21 190.230.219.95:20 190.35.109.41:990 190.36.237.47:8443 190.96.118.53:443 190.97.219.241:80 192.155.90.90:7080 192.163.199.254:8080 192.186.96.125:8080 192.228.158.238:443 197.248.67.226:8080 197.88.12.80:53 200.114.142.40:8080 200.125.190.126:8080 200.126.225.56:8080 201.110.165.146:8443 201.138.11.223:8080 201.146.85.239:22 201.152.34.208:995 201.152.64.25:20 201.165.102.49:443 201.170.241.239:8080 201.220.152.101:80 201.236.95.82:80 201.239.154.191:443 201.97.91.217:443 203.210.237.200:993 204.138.46.166:7080 204.184.25.150:143 208.180.246.147:80 208.78.100.202:8080 209.159.244.240:443 210.2.86.72:8080 211.105.238.226:80 211.63.71.72:8080 212.122.71.196:995 212.31.106.90:22 216.221.73.45:443 217.13.106.160:7080 217.165.84.16:7080 217.165.84.98:20 219.94.254.93:8080 23.254.203.51:8080 24.137.254.148:80 24.63.218.229:80 2.50.4.159:443 27.130.153.101:53 37.209.252.121:80 41.227.243.107:80 41.71.19.150:80 43.229.62.186:8080 45.123.3.54:443 45.33.49.124:443 47.202.17.6:80 50.250.136.225:80 50.31.0.160:8080 51.255.50.164:8080 5.230.147.179:8080 5.9.128.163:8080 59.91.30.53:443 60.49.36.149:50000 61.2.56.167:80 62.75.143.100:7080 62.75.187.192:8080 63.77.201.245:443 64.13.225.150:8080 66.115.90.48:80 66.209.69.165:443 67.205.149.117:443 67.206.210.18:80 67.241.81.253:8443 68.191.37.107:80 69.163.33.82:8080 69.198.17.7:8080 70.184.8.94:80 70.57.82.196:80 71.11.157.249:80 72.47.248.48:8080 73.217.113.111:80 74.36.4.206:80 78.186.5.109:443 80.82.62.9:443 81.134.59.36:8080 81.22.137.186:8080 82.226.163.9:80 82.73.220.225:80 83.110.216.26:8443 83.110.80.67:22 83.222.124.62:8080 85.104.184.242:8080 85.104.59.244:20 87.106.139.101:8080 87.106.210.123:80 88.254.240.194:80 89.188.124.145:443 89.211.193.18:80 91.205.215.57:7080 91.92.191.134:8080 92.154.101.154:50000 92.48.118.27:8080 
94.250.55.138:443 94.76.200.114:8080 95.128.43.213:8080 95.42.189.34:443 96.64.191.13:80 99.243.127.236:80 # Reference: https://twitter.com/ozuma5119/status/1123474884221382656 http://117.196.47.110/teapot/badge/ringin/merge/ # Reference: https://twitter.com/ozuma5119/status/1127619333444730886 tamsuamy.com 66.84.11.168:8080 # Reference: https://twitter.com/P3pperP0tts/status/1135976656751996928 142.4.198.249:7080 162.243.125.212:8080 170.150.11.245:8080 # Reference: https://twitter.com/bry_campbell/status/1164689134012833792 # Reference: https://pastebin.com/raw/7Kq2e1ik 104.131.11.150:8080 104.131.208.175:8080 104.236.151.95:7080 142.93.88.16:443 144.139.247.220:80 159.89.179.87:7080 162.144.119.216:8080 162.243.125.212:8080 170.150.11.245:8080 176.31.200.130:8080 177.242.214.30:80 187.163.180.243:22 195.242.117.231:8080 216.98.148.156:8080 217.13.106.160:7080 31.12.67.62:7080 45.123.3.54:443 45.32.158.232:7080 46.101.142.115:8080 46.105.131.69:443 64.13.225.150:8080 69.45.19.145:8080 70.32.84.74:8080 75.127.14.170:8080 91.83.93.103:7080 # Reference: https://www.virustotal.com/gui/file/09007a7ee335c0556b4a519596b589f55a0451ac540d5bbfd009f58bd9cdeb69/detection # Reference: https://app.any.run/tasks/f78c73cb-c3b2-4ea1-a50e-187a3545eb57/ 176.113.82.144:443 realty4rent.hk # Reference: https://app.any.run/tasks/1c298a26-6a84-425f-bc1e-d37438a3ef58/ /guids/xian/ringin/ # Reference: https://twitter.com/MalwareBlueTeam/status/1171447070307188738 # Reference: https://app.any.run/tasks/ad2a8ad2-884e-4971-93bb-628305633af7/ cwbsa.org greatvacationgiveaways.com ulukantasarim.com # Reference: https://twitter.com/JAMESWT_MHT/status/1173526753308020736 # Reference: https://app.any.run/tasks/d488ee5e-8fac-47b1-b60c-56a6e39dbd89/ 179.24.118.93:990 190.55.39.215:80 190.55.86.138:8443 /ringin/usbccid/ # Reference: https://twitter.com/reecdeep/status/1173858862467883008 179.12.170.88:8080 /ringin/merge/ # Reference: https://twitter.com/Paladin3161/status/1173758599442468864 alldc.pw 
dentalsearchsolutions.com dywanypers.pl keqiang.pro playasrivieramaya.com # Reference: https://twitter.com/SethKingHi/status/1173825828053872641 139.59.242.76:8080 149.202.153.251:8080 159.69.211.211:7080 181.230.126.152:8090 190.13.146.47:443 190.92.103.7:80 192.241.175.184:8080 203.150.19.63:443 216.154.222.52:7080 69.164.216.124:8080 93.78.205.196:443 # Reference: https://twitter.com/killamjr/status/1173960346572378112 59055.cn larissalinhares.com.br robotechcity.com toptarotist.nl xinlou.info # Reference: https://twitter.com/lazyactivist192/status/1173983779981012994 # Reference: https://pastebin.com/ya09DEzC 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 109.104.79.48:8080 109.169.86.13:8080 117.197.124.36:443 123.168.4.66:22 136.243.177.26:8080 138.201.140.110:8080 138.68.106.4:7080 142.44.162.209:8080 144.139.247.220:80 149.202.153.252:8080 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 159.65.241.220:8080 159.65.25.128:8080 162.243.125.212:8080 169.239.182.217:8080 173.212.203.26:8080 175.100.138.82:22 177.246.193.139:20 178.254.6.27:7080 178.62.37.188:443 178.79.161.166:443 178.79.163.131:8080 179.32.19.219:22 179.62.18.56:443 181.143.53.227:21 181.188.149.134:80 181.36.42.205:443 181.81.143.108:80 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 183.82.97.25:80 183.87.87.73:80 185.129.92.210:7080 185.86.148.222:8080 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.4.194.153:993 186.83.133.253:8080 187.155.233.46:443 187.188.166.192:80 188.166.253.46:8080 189.209.217.49:80 190.1.37.125:443 190.117.206.153:443 190.145.67.134:8090 190.186.203.55:80 190.19.42.131:80 190.200.64.180:7080 190.221.50.210:8080 190.226.44.20:21 190.230.60.129:80 190.53.135.159:21 198.199.106.229:8080 198.199.88.162:8080 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.212.57.109:80 201.250.11.236:50000 203.25.159.3:8080 206.189.98.125:8080 211.63.71.72:8080 212.71.234.16:8080 217.113.27.158:443 217.160.182.191:8080 
217.199.175.216:8080 222.214.218.192:8080 23.92.22.225:7080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 37.208.39.59:7080 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 46.21.105.59:8080 46.29.183.211:8080 5.196.35.138:7080 5.77.13.70:80 59.152.93.46:443 62.210.142.58:8080 62.75.143.100:7080 62.75.187.192:8080 64.13.225.150:8080 75.127.14.170:8080 77.245.101.134:8080 77.55.211.77:8080 78.188.105.159:21 78.24.219.147:8080 79.127.57.42:80 79.143.182.254:8080 80.85.87.122:8080 81.169.140.14:443 85.104.59.244:20 86.42.166.147:80 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.205.215.66:8080 91.83.93.103:7080 91.83.93.124:7080 91.92.191.134:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 # Reference: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/ # Reference: https://otx.alienvault.com/pulse/5d8a324eb4ec65a6ab67f511 62.75.171.248:7080 cia.com.py # Reference: https://twitter.com/reecdeep/status/1179310971761901570 # Reference: https://pastebin.com/stDdCGt8 80.240.141.141:7080 /child/free/ringin/ # Reference: https://www.virustotal.com/gui/file/985c26006ec5b38ff8c77239ccd33f1019918282c4cb50e541a58bcf8267d7bd/detection 67.225.229.55:8080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html 109.104.79.48:8080 109.169.86.13:8080 114.79.134.129:443 119.159.150.176:443 119.59.124.163:8080 119.92.51.40:8080 123.168.4.66:22 138.68.106.4:7080 139.5.237.27:443 149.62.173.247:8080 151.80.142.33:80 159.203.204.126:8080 170.84.133.72:7080 170.84.133.72:8443 178.249.187.151:8080 178.79.163.131:8080 179.62.18.56:443 181.123.0.125:80 181.167.53.209:80 181.188.149.134:80 181.230.212.74:80 181.36.42.205:443 183.82.97.25:80 184.69.214.94:20 185.187.198.10:8080 185.86.148.222:8080 186.0.95.172:80 186.83.133.253:8080 
187.155.233.46:443 187.188.166.192:80 187.199.158.226:443 187.199.158.226:7080 187.235.239.214:8080 189.166.68.89:443 189.187.141.15:50000 190.1.37.125:443 190.104.253.234:990 190.117.206.153:443 190.158.19.141:80 190.200.64.180:7080 190.221.50.210:8080 190.230.60.129:80 190.230.60.129:8080 190.38.14.52:80 200.21.90.6:8080 200.57.102.71:8443 200.58.171.51:80 201.163.74.202:443 201.184.65.229:80 201.214.74.71:80 203.25.159.3:8080 211.229.116.97:80 212.71.237.140:8080 217.113.27.158:443 217.199.160.224:8080 217.199.175.216:8080 23.92.22.225:7080 46.163.144.228:80 46.21.105.59:8080 46.28.111.142:7080 46.29.183.211:8080 46.41.134.46:8080 46.41.151.103:8080 5.196.35.138:7080 5.77.13.70:80 50.28.51.143:8080 51.15.8.192:8080 62.75.143.100:7080 62.75.160.178:8080 71.244.60.230:7080 71.244.60.231:7080 77.245.101.134:8080 77.55.211.77:8080 79.143.182.254:8080 80.240.141.141:7080 80.85.87.122:8080 81.169.140.14:443 86.42.166.147:80 87.106.77.40:7080 88.250.223.190:8080 89.188.124.145:443 91.205.215.57:7080 91.83.93.124:7080 66.228.32.31:443 198.50.170.27:8080 216.98.148.157:8080 101.187.237.217:20 103.255.150.84:80 103.97.95.218:143 104.131.11.150:8080 104.236.246.93:8080 119.15.153.237:80 136.243.177.26:8080 138.201.140.110:8080 142.44.162.209:8080 144.139.247.220:80 149.167.86.174:990 149.202.153.252:8080 159.65.25.128:8080 162.144.47.94:7080 169.239.182.217:8080 173.212.203.26:8080 177.246.193.139:20 178.254.6.27:7080 178.79.161.166:443 179.32.19.219:22 180.183.112.185:21 181.143.194.138:443 181.143.53.227:21 182.176.106.43:995 182.176.132.213:8090 182.76.6.2:8080 185.142.236.163:443 185.94.252.13:443 186.4.172.5:443 186.4.172.5:8080 186.75.241.230:80 187.144.189.58:50000 188.166.253.46:8080 189.209.217.49:80 190.106.97.230:443 190.108.228.48:990 190.145.67.134:8090 190.18.146.70:80 190.186.203.55:80 190.211.207.11:443 190.226.44.20:21 190.228.72.244:53 190.53.135.159:21 199.19.237.192:80 200.21.90.6:80 200.71.148.138:8080 201.251.43.69:8080 206.189.98.125:8080 
211.63.71.72:8080 212.129.24.82:8080 212.71.234.16:8080 217.145.83.44:80 217.160.182.191:8080 222.214.218.192:8080 24.51.106.145:21 27.147.163.188:8080 31.12.67.62:7080 31.172.240.91:8080 37.157.194.134:443 41.220.119.246:80 45.123.3.54:443 45.33.49.124:443 46.105.131.87:80 47.41.213.2:22 5.196.74.210:8080 62.75.187.192:8080 63.142.253.122:8080 77.237.248.136:8080 78.188.105.159:21 78.24.219.147:8080 80.11.163.139:21 80.11.163.139:443 83.136.245.190:8080 85.104.59.244:20 85.106.1.166:50000 86.98.25.30:53 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 88.156.97.210:80 88.247.163.44:80 91.205.215.66:8080 92.222.125.16:7080 92.222.216.44:8080 94.205.247.10:80 95.128.43.213:8080 46.105.131.69:443 176.31.200.130:8080 104.131.58.132:8080 108.179.216.46:8080 110.36.234.146:80 113.52.135.33:7080 115.88.70.226:7080 125.99.61.162:7080 138.197.140.163:8080 139.59.242.76:8080 143.95.101.72:8080 148.240.52.172:80 152.170.220.95:80 162.214.27.219:7080 162.241.232.82:8080 176.58.93.123:80 178.249.187.150:7080 179.62.18.56:443 181.113.229.139:990 181.165.150.211:143 181.230.126.152:8090 181.55.171.237:8080 186.10.16.244:53 186.117.174.26:80 186.29.155.101:50000 186.93.167.147:443 190.117.206.153:443 190.13.146.47:443 190.55.39.215:80 190.55.86.138:8443 190.92.103.7:80 190.96.118.15:443 194.50.163.106:8080 197.211.244.6:443 200.114.134.8:20 201.244.125.210:995 203.150.19.63:443 216.154.222.52:7080 216.70.88.55:8080 41.60.202.26:22 45.33.1.161:8080 46.32.229.152:8080 5.189.148.98:8080 51.38.134.203:8080 70.45.30.28:80 78.109.34.178:443 83.169.33.157:8080 93.78.205.196:443 94.177.253.126:80 178.32.255.133:443 198.46.150.196:7080 # Reference: https://paste.cryptolaemus.com/emotet/2019/09/26/emotet-malware-IoCs_09-26-19.html tamariaclinic.com/blog/po22/ a3infra.com/config.charge/92/ kairod.com/4rvg/fg19/ weifanhao.com/wp-admin/mm6zz6158/ aladilauto.com/wp-admin/o273wu4/ marchekit.com/wp-admin/oaxj1/ matteogiovanetti.com/wp-admin/264/ 
fntc-test.xcesslogic.com/wp-content/3b7s9209/ m.alahmads.com/wordpress/h5ut582/ ejob.magnusideas.com/cgi-bin/i5834/ otc-manila.com/wp-admin/q2zht7567/ mti.shipindia.com/wp-admin/css/21nd31328/ wisdomabc.com/css/wm8fu9190/ reportingnew.xyz/wordpress/3f0880/ metaphysicalhub.com/bkp_08092019/9nvo876799/ gg4.devs-group.com/amdcwdp/YPRqWcJFaE/ tlbplanning.org/wp-admin/KqrBgDoSq/ eternalsea.cn/qfpka0q/tPeJNBsE/ banglaay.com/wp-includes/VRVWLAbrjy/ shizizmt.com/jr/633mjf4w8_54d4cu-209964833/ aplikasi.bangunrumah-kita.com/b8kee0mj/0m3l_clo7kkcub-76/ altaikawater.com/wp-admin/4jh8s_sxm6m3eec-441/ antoinegimenez.com/css/hUgHbaEf/ auto-moto-ecole-vauban.fr/wp-admin/ww42_lwln3c-1236328628/ avant2017.amsi-formations.com/prog/skzHGQddV/ cheaptrainticket.cogbiz-infotech.com/cgi-bin/9vsx4g6l_p5x29co-43731795/ gsfcloud.com/fir/qx88b0qgfq_tdpfmobexf-881829012/ fabiogutierrez.com.br/loja/bEZYtLkJGj/ gruasasuservicio.com/cgi-bin/YdFmLIEsIB/ itf.palemiya.com/wp-includes/IIswblOCV/ moda.9l.pl/calendar/HugncgqxUR/ sweetmagazine.org/wp-admin/z0jxuhjao_n6me674y8i-3862/ precisieving.com/wp-admin/db090yl5_bwwmv-86392/ ucomechina.com/wp-content/aVMBsBCy/ your-event.es/mailin/OgXcBNiq/ lensakaca21.com/wp-admin/dBfxiIyp/ ithync.net/wp-includes/tyyYyGS/ blog.coopealbaterense.es/wp-admin/dnf3-nl9qg-869655/ lumiinx.eu/inc/prevents/addtosavedlist/nStxFTJB/ lupusvibes.ca/wp-admin/jnmvgio-dsl-6986784805/ cielouvert.fr/syvhqw1/nkch-nzf59az7e-99571/ demo.magerase.co.uk/wp-admin/wKpBbWmF/ accountingtoindia.com/fhsao/txsp1-fcy9gfh-11178860/ diawan.club/wordpress/ZnbSfWu/ lelecars.it/wp-admin/khrufjms-sijs5jz1e3-532825/ notiwebs.xyz/wordpress/vBfQVN/ ocstudio.tv/wp-admin/qWhNBtEM/ dulich.goasiatravel.com/wp-admin/mCXZnnARx/ www.hellotech.io/fivestar/vHYxCPeDd/ hospitalitysource.co.uk/test/lohXuP/ mobasara13.zahidulzibon.com/hyi/iGIuWmPa/ munishjindal.com/wp-content/tIZtULuZv/ cowabungaindustries.com/cgi-bin/hv3g9x-hkzj-9002618725/ sgiff.com/css/ixuc3k-wus7v022j-4995897081/ thesafeplace.net/wp/AsHrwMT/ # 
Reference: https://twitter.com/BarryShooshooga/status/1182535664643923968 mayurpai.com mastersjarvis.com nyc.rekko.com lagriffeduweb.com onickdoorsonline.com # Reference: https://any.run/report/06f1f3ab993e994fe2b14126c50f009854081f55e52e26d5f0e2a325c5c5280f/e304cf8f-c3e5-4c03-a37d-2eb47266e450 offmaxindia.com # Reference: https://github.com/silence-is-best/c2db#emotet 69.162.169.173:8080 # Reference: https://twitter.com/D3LabIT/status/1182633589764165640 # Reference: https://app.any.run/tasks/e6e252dc-6a94-4e61-ae21-a581beee5114/ # Reference: https://pastebin.com/zKBnkxqq http://110.36.234.146 http://191.82.16.60 91.83.93.105:8080 110.36.234.146:80 191.82.16.60:80 91.83.93.105:8080 216.98.148.181:8080 68.183.190.199:8080 190.230.60.129:80 183.82.97.25:80 114.79.134.129:443 89.188.124.145:443 178.79.163.131:8080 76.69.29.42:80 87.106.77.40:7080 178.249.187.151:8080 62.75.143.100:7080 201.163.74.202:443 62.75.160.178:8080 181.188.149.134:80 186.0.95.172:80 217.199.160.224:8080 203.25.159.3:8080 189.160.49.234:8443 190.104.253.234:990 71.244.60.230:7080 159.203.204.126:8080 71.244.60.231:7080 142.93.82.57:8080 46.41.151.103:8080 138.68.106.4:7080 5.1.86.195:8080 149.62.173.247:8080 170.84.133.72:7080 190.230.60.129:8080 190.97.30.167:990 190.85.152.186:8080 200.58.171.51:80 51.15.8.192:8080 190.158.19.141:80 91.83.93.124:7080 139.5.237.27:443 123.168.4.66:22 81.169.140.14:443 187.188.166.192:80 212.71.237.140:8080 186.1.41.111:443 77.245.101.134:8080 181.29.101.13:8080 181.44.166.242:80 185.86.148.222:8080 86.42.166.147:80 190.221.50.210:8080 94.183.71.206:7080 181.36.42.205:443 170.84.133.72:8443 68.183.170.114:8080 79.129.0.173:8080 184.69.214.94:20 189.180.243.255:8080 200.57.102.71:8443 109.104.79.48:8080 185.187.198.10:8080 80.85.87.122:8080 181.143.101.18:8080 119.59.124.163:8080 46.163.144.228:80 50.28.51.143:8080 88.250.223.190:8080 190.38.14.52:80 119.159.150.176:443 5.77.13.70:80 200.51.94.251:143 82.196.15.205:8080 201.199.93.30:443 5.196.35.138:7080 
46.28.111.142:7080 125.99.61.162:7080 189.166.68.89:443 151.80.142.33:80 79.143.182.254:8080 119.92.51.40:8080 46.101.212.195:8080 46.29.183.211:8080 91.205.215.57:7080 190.10.194.42:8080 77.55.211.77:8080 109.169.86.13:8080 190.1.37.125:443 # Reference: https://app.any.run/tasks/a30f1cfa-5088-4993-9435-58e2df1791a9/ 181.16.17.210:443 chefchaouen360.com faithmontessorischools.com japanesepdf.com # Reference: https://twitter.com/blackorbird/status/1191185536372920320 46.105.131.68:8080 # Reference: https://medium.com/@vishal_29486/emotet-sep-2019-wk-3-c2i-urls-f3bb8b10e17f http://95.42.189.34/rtm/child/ http://41.227.243.107/child/report/publish/ http://190.18.153.249/json/ http://189.150.218.69/loadan/ http://104.236.135.119/site/tlb/ http://162.243.125.212/schema/loadan/ http://217.13.106.160/teapot/jit/publish/ http://5.230.147.179/guids/img/ http://64.13.225.150/publish/nsip/ http://95.128.43.213/raster/srvc/publish/ http://187.234.36.129/ringin/ http://37.209.252.121/taskbar/schema/publish/enabled/ http://211.63.71.72/xian/vermont/publish/enabled/ http://174.93.130.148/results/enable/publish/ http://83.110.80.67/site/devices/publish/enabled/ http://50.31.0.160/devices/cookies/publish/enabled/ http://175.100.138.82/enabled/dma/ http://190.128.26.2/attrib/odbc/publish/ http://45.123.3.54/ringin/balloon/publish/enabled/ http://78.186.5.109/raster/codec/publish/ http://69.198.17.7/cookies/ http://50.250.136.225/ban/teapot/ http://24.63.218.229/merge/rtm/ http://217.165.84.98/balloon/acquire/ http://106.51.237.174/entries/raster/ http://167.114.210.191/devices/window/publish/ http://45.33.49.124/attrib/ http://147.135.210.39/cone/ http://94.76.200.114/psec/ http://96.64.191.13/devices/ http://190.161.186.116/guids/ http://201.220.152.101/cone/ http://67.205.149.117/balloon/forced/ http://133.242.156.30/badge/loadan/publish/ http://201.152.64.25/walk/free/publish/enabled/ http://70.57.82.196/scripts/add/publish/ http://138.201.140.110/acquire/ 
http://201.236.95.82/mult/ringin/publish/enabled/ http://186.4.234.27/codec/sess/publish/ http://114.79.191.12/merge/ http://190.36.237.47/free/chunk/ http://189.252.110.239/tpt/schema/publish/enabled/ http://190.97.219.241/add/ http://92.154.101.154/between/ http://201.170.241.239/cone/iplk/publish/enabled/ http://85.104.59.244/enable/odbc/publish/enabled/ http://103.12.133.7/loadan/balloon/ http://87.106.139.101/devices/health/publish/enabled/ http://183.82.1.142/merge/splash/publish/ http://212.122.71.196/chunk/ http://87.106.210.123/arizona/ http://62.75.187.192/iab/ http://187.189.195.208/psec/scripts/ http://201.146.85.239/sess/merge/ http://83.222.124.62/badge/enabled/ http://173.255.250.241/usbccid/ http://189.222.167.65/srvc/between/ http://173.255.196.209/nsip/entries/publish/enabled/ http://63.77.201.245/pnp/child/ http://178.62.37.188/srvc/guids/publish/ http://208.78.100.202/pdf/ http://91.92.191.134/scripts/ http://95.42.189.34/json/ http://125.99.106.225/forced/loadan/publish/ http://41.227.243.107/merge/ http://47.41.213.2/between/ban/ http://206.189.98.125/child/json/free/ http://200.21.90.6/raster/ http://187.163.222.244/forced/ http://186.4.234.27/devices/window/free/enabled/ http://190.97.219.241/report/enabled/free/ http://87.106.136.232/tlb/usbccid/ http://213.14.166.152/merge/entries/free/ http://125.99.106.226/guids/ http://60.48.253.12/child/ http://187.189.195.208/acquire/guids/free/enabled/ http://92.154.101.154/enabled/report/free/ http://189.209.217.49/child/results/free/enabled/ http://41.220.119.246/child/forced/ http://217.13.106.160/scripts/arizona/ http://188.166.253.46/jit/loadan/free/ http://162.243.125.212/merge/ http://75.127.14.170/guids/xian/ http://159.65.25.128/arizona/ringin/free/enabled/ http://190.72.136.214/site/srvc/ http://50.99.132.7/badge/publish/ http://50.31.0.160/ringin/chunk/free/enabled/ http://31.172.240.91/dma/schema/free/ http://104.236.99.225/teapot/vermont/free/enabled/ 
http://46.101.142.115/between/prov/free/enabled/ http://222.214.218.136/taskbar/enable/free/ http://201.199.89.223/walk/ http://85.104.59.244/tlb/cookies/ http://190.25.255.98/site/badge/free/ http://190.145.67.134/balloon/cab/ http://216.98.148.156/iab/health/free/ http://45.123.3.54/prov/site/free/enabled/ http://24.139.205.186/raster/teapot/free/enabled/ http://78.186.5.109/devices/walk/ http://136.243.177.26/json/acquire/free/enabled/ http://120.150.236.64/pdf/raster/free/ http://181.189.213.231/cab/window/free/enabled/ http://187.225.213.90/stubs/enabled/free/ http://88.21.212.13/img/ http://190.75.47.24/enabled/ http://178.152.78.149/enabled/cone/ http://39.61.34.254/balloon/guids/free/enabled/ http://182.176.132.213/mult/symbols/free/ http://138.201.140.110/merge/results/free/ http://186.144.64.31/schema/tlb/free/enabled/ http://91.74.62.86/prep/loadan/ http://178.79.161.166/results/free/free/ http://147.135.210.39/ringin/ http://144.139.247.220/symbols/ http://222.214.218.192/schema/srvc/ http://69.45.19.145/merge/publish/ http://201.220.152.101/iplk/chunk/ http://186.4.167.166/scripts/attrib/free/ http://84.241.10.111/taskbar/prov/free/enabled/ http://162.144.119.216/child/ http://142.93.88.16/splash/ http://31.12.67.62/enabled/cookies/free/enabled/ http://91.83.93.103/cone/ http://104.131.208.175/ringin/ http://62.75.187.192/site/balloon/ http://177.242.214.30/symbols/site/ http://211.248.17.209/usbccid/walk/free/enabled/ http://195.242.117.231/cookies/acquire/free/ http://87.106.139.101/entries/merge/free/ http://94.76.200.114/cookies/sym/free/ http://179.32.19.219/publish/ http://200.85.46.122/acquire/entries/free/ http://169.239.182.217/prov/cone/free/enabled/ http://190.25.255.98/enable/taskbar/free/ http://104.131.11.150/srvc/ http://201.238.152.20/iplk/results/free/ http://190.83.191.92/raster/forced/ http://78.24.219.147/symbols/arizona/ http://179.14.2.75/psec/pdf/free/enabled/ http://59.103.164.174/glitch/nsip/free/ 
http://71.244.60.230/loadan/sess/free/ http://190.128.26.2/nsip/publish/free/ http://182.176.94.236/pdf/iab/free/enabled/ http://87.230.19.21/pnp/schema/ http://175.100.138.82/badge/vermont/ http://117.218.17.6/loadan/prov/ http://91.205.215.66/pdf/enable/free/ http://187.163.180.243/enabled/iplk/free/enabled/ http://211.63.71.72/report/badge/ http://190.25.255.98/usbccid/cab/free/ http://64.13.225.150/xian/health/free/ http://181.129.30.82/enabled/ http://46.105.131.87/glitch/ http://66.84.11.168/cone/teapot/free/enabled/ http://182.176.94.236/acquire/ http://80.1.76.46/acquire/ http://77.56.253.112/psec/ http://212.71.234.16/merge/ http://95.128.43.213/xian/enabled/free/enabled/ http://167.114.210.191/taskbar/between/free/enabled/ http://177.246.193.139/usbccid/glitch/ http://178.62.37.188/publish/child/ http://174.136.14.100/sym/taskbar/free/ http://78.188.7.213/enabled/report/ http://104.236.246.93/cab/results/free/ http://45.33.49.124/acquire/ http://47.41.213.2/acquire/ http://206.189.98.125/psec/ http://200.21.90.6/walk/xian/free/enabled/ http://187.163.222.244/usbccid/ http://186.4.234.27/symbols/ http://190.97.219.241/arizona/ringin/free/enabled/ http://87.106.136.232/loadan/srvc/ http://213.14.166.152/bml/publish/free/ http://125.99.106.226/add/chunk/free/ http://60.48.253.12/raster/schema/free/enabled/ http://187.189.195.208/rtm/attrib/ http://92.154.101.154/iplk/prov/free/enabled/ http://189.209.217.49/walk/enable/ http://41.220.119.246/enabled/iplk/free/ http://217.13.106.160/child/psec/ http://188.166.253.46/json/dma/free/ http://162.243.125.212/report/odbc/free/ http://75.127.14.170/tpt/balloon/free/enabled/ http://159.65.25.128/splash/splash/free/ http://190.72.136.214/forced/pnp/free/ http://50.99.132.7/ban/ http://50.31.0.160/raster/json/free/enabled/ http://31.172.240.91/splash/raster/free/ http://104.236.99.225/free/scripts/free/enabled/ http://46.101.142.115/usbccid/merge/ http://222.214.218.136/jit/enabled/free/enabled/ 
http://201.199.89.223/arizona/between/ http://85.104.59.244/taskbar/glitch/free/ http://190.25.255.98/iab/taskbar/free/enabled/ http://190.145.67.134/raster/report/free/ http://216.98.148.156/ringin/ http://45.123.3.54/report/forced/ http://24.139.205.186/srvc/ http://78.186.5.109/free/add/ http://136.243.177.26/psec/stubs/ http://120.150.236.64/guids/ringin/free/ http://181.189.213.231/usbccid/ http://187.225.213.90/iab/publish/free/ http://88.21.212.13/symbols/ http://190.75.47.24/arizona/attrib/free/enabled/ http://178.152.78.149/results/prov/free/ http://39.61.34.254/acquire/iplk/free/ http://182.176.132.213/devices/ http://138.201.140.110/sym/ http://186.144.64.31/publish/ http://91.74.62.86/cone/ http://178.79.161.166/arizona/site/free/enabled/ http://147.135.210.39/arizona/tpt/free/enabled/ http://144.139.247.220/scripts/rtm/pdf/enabled/ http://222.214.218.192/psec/ http://69.45.19.145/sym/ http://201.220.152.101/xian/window/pdf/enabled/ http://186.4.167.166/window/enabled/pdf/ http://84.241.10.111/scripts/ http://162.144.119.216/enable/ http://142.93.88.16/attrib/ http://31.12.67.62/child/child/ http://91.83.93.103/symbols/guids/pdf/ http://104.131.208.175/rtm/report/pdf/enabled/ # Reference: https://any.run/report/55dfe66f79cd29e7d145b2ac8737753c5450f635660e66b5776e97cbe8c1a76c/e8aa6541-b117-4e28-9b0a-7e45587b67d9 191.100.24.201:50000 193.34.144.138:8080 74.208.173.91:8080 46.105.131.68:8080 152.169.32.143:8080 # Reference: https://any.run/report/3cf19ad5c06f025712300a4e93219e0faa35475402fae323b4daa4bbe1ba7bef/eebb6b29-c512-4502-96ea-fafedfd21ecb 189.252.102.40:8080 # Reference: https://any.run/report/90fb407e71334f7ca323d9f6537706d54cafed3bf9538799b79b89658ae067ee/b893ddb7-d8ff-4994-8a7a-644851c4fced 85.234.143.94:8080 204.225.249.100:8080 178.249.187.151:8080 # Reference: https://any.run/report/603d002fe4cd0bd24f19036d9885877062233ffb32309c510f10e86ac1bc9f38/b492d8c0-56ed-48ea-b10e-1147c848753b 104.239.175.211:8080 67.225.179.64:8080 183.102.238.69:465 # 
Reference: https://twitter.com/malware_traffic/status/1196554607658459136 # Reference: https://app.any.run/tasks/1496c35f-f44a-4913-b7de-847a421bdfe1/ # Reference: https://www.virustotal.com/gui/ip-address/144.76.56.36/relations # Reference: https://www.virustotal.com/gui/ip-address/94.156.35.235/relations 144.76.56.36:8080 65.23.154.17:8080 94.156.35.235:443 # Reference: https://pastebin.com/5iAUEP7J jameslotz.com/wp-admin/k3s20753/ monitoring.bactrack.com/wp-content/cmdz7/ enegix.com/pytosj2jd/v9s7ze3/ jaafarattar.com/pytosj2jd/2re2j5773/ iruainvestments.com/pytosj2jd/0nc76zs40663/ handbookforfairygodmothers.com/yjlsdsd/k3/ yummybox.uk/wp-admin/7Q/ scrapy999.com/cgi-bin/g1oi/ bunifood.com/pytosj2jd/pazg/ eurobizconsulting.it/cgi-bin/9q6ty/ # Reference: https://app.any.run/tasks/68191492-99f0-464f-bb25-dd4f006c2c64/ http://momo2.test.zinimedia.com/medias/2wgtpu56548/ # Reference: https://app.any.run/tasks/dd109624-8140-4935-a10f-da93f909b3cf/ http://astrametals.com/wp-content/im24279/ # Reference: https://app.any.run/tasks/c1a626cf-c6e1-4405-8893-b45fe2b08323/ # Reference: https://app.any.run/tasks/27f879de-fbd3-4b44-89b3-67955cc78a71/ 109.169.86.13:8080 125.99.61.162:7080 142.93.114.137:8080 149.62.173.247:8080 154.120.227.206:8080 159.203.204.126:8080 170.130.31.177:8080 172.104.233.225:8080 178.79.163.131:8080 182.48.194.6:8090 186.23.132.93:990 190.146.131.105:8080 190.195.129.227:8090 190.210.184.138:995 190.97.30.167:990 201.190.133.235:8080 203.25.159.3:8080 212.71.237.140:8080 213.189.36.51:8080 217.199.160.224:8080 50.28.51.143:8080 51.255.165.160:8080 62.75.160.178:8080 68.183.170.114:8080 68.183.190.199:8080 70.32.78.99:8080 77.55.211.77:8080 80.85.87.122:8080 81.213.215.216:50000 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 92.169.250.229:8080 94.183.71.206:7080 # Reference: https://app.any.run/tasks/810d6543-148f-4b1e-8266-b7bf63fb3f18/ 209.97.168.52:8080 217.149.241.121:8080 
31.47.234.186:8080 31.47.234.186:8080 37.187.2.199:443 46.101.7.140:8080 50.116.86.205:8080 69.64.67.20:8080 # Reference: https://www.virustotal.com/gui/domain/kids-education-support.com/relations kids-education-support.com # Reference: https://www.virustotal.com/gui/file/811fa8cd3dfb73070dc5c2f646c3b009944c6b4353cbf72a2355986606b1a7a0/detection 185.189.58.222:5050 92.63.197.59:5050 # Reference: https://pastebin.com/LdXdyCGQ 212.71.234.16:8080 78.47.106.72:8080 165.227.156.155:443 192.241.255.77:8080 181.57.193.14:80 86.22.221.170:80 37.187.2.199:443 179.12.170.148:8080 95.128.43.213:8080 59.103.164.174:80 152.89.236.214:8080 78.24.219.147:8080 190.226.44.20:21 104.236.246.93:8080 190.145.67.134:8090 104.239.175.211:8080 46.105.131.87:80 144.139.247.220:80 83.136.245.190:8080 171.101.153.86:990 190.211.207.11:443 104.131.44.150:8080 189.209.217.49:80 186.4.172.5:443 87.106.136.232:8080 87.106.139.101:8080 94.205.247.10:80 181.143.194.138:443 200.71.148.138:8080 186.4.172.5:20 62.75.187.192:8080 169.239.182.217:8080 92.222.216.44:8080 192.241.220.155:8080 87.230.19.21:8080 80.11.163.139:21 182.176.132.213:8090 31.172.240.91:8080 37.157.194.134:443 31.12.67.62:7080 190.53.135.159:21 191.92.209.110:7080 138.201.140.110:8080 45.33.49.124:443 103.39.131.88:80 167.71.10.37:8080 167.99.105.223:7080 85.104.59.244:20 115.78.95.230:443 186.75.241.230:80 67.225.179.64:8080 181.31.213.158:8080 104.131.11.150:8080 212.129.24.79:8080 217.160.182.191:8080 211.63.71.72:8080 159.65.25.128:8080 173.212.203.26:8080 5.196.74.210:8080 183.102.238.69:465 186.4.172.5:8080 178.79.161.166:443 192.81.213.192:8080 176.31.200.130:8080 178.210.51.222:8080 173.249.47.77:8080 91.205.215.66:8080 149.202.153.252:8080 # Reference: https://twitter.com/tkanalyst/status/1199711428082425857 # Reference: https://app.any.run/tasks/4f792e29-48b8-40ae-9e11-6f29c3ac7204/ 104.236.137.72:8080 172.104.233.225:8080 # Reference: https://twitter.com/malware_traffic/status/1199754976748359680 178.63.78.150:8080 
192.161.190.171:8080 80.93.48.49:7080 # Reference: https://twitter.com/malware_traffic/status/1199787380477235201 149.202.153.251:8080 222.239.249.166:443 50.63.13.135:8080 80.211.32.88:8080 82.145.43.153:8080 92.119.123.10:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1200047745307951105 # Reference: https://pastebin.com/raw/Sk3z09G0 116.48.142.21:443 12.229.155.122:80 120.150.246.241:80 121.175.14.59:990 125.230.36.147:443 128.65.154.183:443 144.139.56.105:80 164.68.101.171:80 165.228.24.197:80 172.90.70.168:443 177.103.201.23:80 187.144.236.211:443 187.250.92.82:80 190.101.87.170:80 195.244.215.206:80 197.254.221.174:80 2.38.99.79:80 202.226.238.55:80 220.146.36.244:80 41.218.118.66:80 47.187.70.124:443 5.88.182.250:80 72.27.212.209:8080 77.211.249.124:80 77.241.53.234:80 78.15.114.100:80 81.213.145.45:443 85.105.183.228:443 91.73.197.90:80 95.219.199.225:80 # Reference: https://app.any.run/tasks/78fb71f7-e32b-4ab4-9871-5d46465ee886/ # Reference: https://www.virustotal.com/gui/ip-address/190.12.119.180/relations 190.12.119.180:443 # Reference: https://twitter.com/Cryptolaemus1/status/1200388377805279232 # Reference: https://pastebin.com/raw/tKXqac1m 101.187.247.29:80 107.2.2.28:80 109.166.89.91:80 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 118.201.230.249:80 122.11.164.183:80 186.215.101.106:80 187.233.220.93:443 189.180.105.125:443 190.12.119.180:443 195.191.107.67:80 197.90.159.42:80 200.71.193.220:443 201.183.251.100:80 211.218.105.101:80 213.179.105.214:8080 47.50.251.130:80 60.53.3.153:8080 80.21.182.46:80 80.29.54.20:80 83.110.107.243:443 85.130.127.2:80 98.196.49.107:80 # Reference: https://twitter.com/peric0/status/1200535559615201285 # Reference: https://app.any.run/tasks/92158989-24e1-43df-9cc1-958aadacdce8/ 31.41.221.148:80 5.63.8.237:443 88.198.60.25:80 95.216.124.146:443 artnkrafts.com arvinhayat.com mototorg.com peruorganiconatural.com primekala.com # Reference: https://twitter.com/luc4m/status/1201929340717547520 # 
Reference: https://pastebin.com/tk8Wj4ya 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 110.143.18.92:80 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 121.175.14.59:990 125.99.61.162:7080 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 154.120.227.206:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 182.48.194.6:8090 183.82.97.25:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 189.173.113.67:443 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.38.99.79:80 200.113.106.18:80 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 213.189.36.51:8080 217.199.160.224:8080 37.132.193.19:8080 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 50.28.51.143:8080 51.255.165.160:8080 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 80.29.54.20:80 80.85.87.122:8080 81.213.215.216:50000 82.196.15.205:8080 82.8.232.51:80 85.234.143.94:8080 86.42.166.147:80 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 95.179.195.74:80 96.20.84.254:7080 98.196.49.107:80 # Reference: https://app.any.run/tasks/5275f984-a656-41d5-b031-496accf03e4b/ 105.227.58.49:80 # Reference: https://pastebin.com/jfsfQ6Cq 1.32.54.12:8080 103.122.75.218:80 103.9.145.19:8080 
110.142.161.90:80 113.52.135.33:7080 115.179.91.58:80 119.159.150.176:443 122.11.164.183:80 123.142.37.165:80 124.150.175.129:8080 124.150.175.133:80 138.197.140.163:8080 142.93.87.198:8080 143.95.101.72:8080 152.169.32.143:8080 162.144.46.90:8080 163.172.97.112:8080 172.104.70.207:8080 172.105.213.30:80 172.90.70.168:443 174.57.150.13:8080 176.58.93.123:80 177.103.201.23:80 178.134.1.238:80 181.197.108.171:443 181.44.166.242:80 181.47.235.26:993 182.176.116.139:995 186.215.101.106:80 186.66.224.182:990 187.177.155.123:990 187.233.220.93:443 187.250.92.82:80 188.230.134.205:80 189.225.211.171:443 189.61.200.9:443 190.101.87.170:80 190.161.67.63:80 190.171.135.235:80 190.189.79.73:80 190.5.162.204:80 191.100.24.201:50000 192.161.190.171:8080 192.163.221.191:8080 192.210.217.94:8080 192.241.220.183:8080 193.33.38.208:443 195.191.107.67:80 198.57.217.170:8080 200.71.112.158:53 201.183.251.100:80 201.196.15.79:990 210.111.160.220:80 210.224.65.117:80 211.218.105.101:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 221.154.59.110:80 23.253.207.142:8080 24.27.122.202:80 24.28.178.71:80 37.59.24.25:8080 41.218.118.66:80 41.77.74.214:443 45.129.121.222:443 46.105.128.215:8080 46.105.131.68:8080 46.17.6.116:8080 5.189.148.98:8080 50.116.78.109:8080 51.38.134.203:8080 58.93.151.148:80 60.53.3.153:8080 67.171.182.231:80 67.254.196.78:443 69.30.205.162:7080 72.27.212.209:8080 72.69.99.47:80 77.245.12.212:80 78.186.102.195:80 78.46.87.133:8080 81.213.145.45:443 81.82.247.216:80 82.79.244.92:80 83.110.107.243:443 83.156.88.159:80 83.99.211.160:80 85.105.183.228:443 85.109.190.235:443 86.6.123.109:80 89.215.225.15:80 91.117.31.181:80 95.216.207.86:7080 95.216.212.157:8080 98.15.140.226:80 # Reference: https://twitter.com/Jouliok/status/1204348553117798400 # Reference: https://app.any.run/tasks/af64addf-eaec-4936-8ae1-49de48511547/ bigbizyou.fr # Reference: https://www.virustotal.com/gui/file/d7fa60d982e84f82f1e310801990591ad9d518921d338e0d6045555cd9a55abb/detection 
http://12.176.19.218 # Reference: https://twitter.com/luc4m/status/1204102158012100608 # Reference: https://pastebin.com/B5R4ggig 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 14.160.93.230:80 142.127.57.63:8080 142.93.114.137:8080 144.139.56.105:80 144.2.165.179:80 149.135.123.65:80 149.62.173.247:8080 159.203.204.126:8080 163.172.40.218:7080 172.104.233.225:8080 178.79.163.131:8080 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 181.36.42.205:443 181.61.143.177:80 183.82.97.25:80 185.160.212.3:80 185.86.148.222:8080 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.102.226.91:80 190.146.131.105:8080 190.17.42.79:80 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 190.38.14.52:80 190.4.50.26:80 190.97.30.167:990 191.103.76.34:443 2.139.158.136:443 2.38.99.79:80 2.44.167.52:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 200.58.83.179:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.130.0.69:80 203.25.159.3:8080 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.101.212.195:8080 46.28.111.142:7080 47.146.42.234:80 47.187.70.124:443 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 77.241.53.234:80 77.55.211.77:8080 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.196.15.205:8080 82.8.232.51:80 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.204.163.19:8090 91.205.215.57:7080 91.83.93.124:7080 93.67.154.252:443 95.179.195.74:80 
96.126.121.64:443 96.20.84.254:7080 96.61.113.203:80 98.196.49.107:80 # Reference: https://app.any.run/tasks/3f80a1bc-55d1-444b-9000-327db827ef8a cigpcl.com http://85.152.208.146 http://68.174.15.223 # Reference: https://twitter.com/Sentry_23/status/1204371815591817216 162.241.92.219:8080 # Reference: https://twitter.com/luc4m/status/1204453473015586816 # Reference: https://pastebin.com/LPpTsymc 2.44.167.52:80 2.139.158.136:443 5.88.27.67:8080 5.196.35.138:7080 14.160.93.230:80 37.183.121.32:80 45.50.177.164:80 45.79.95.107:443 46.28.111.142:7080 46.101.212.195:8080 47.146.42.234:80 47.187.70.124:443 50.28.51.143:8080 51.255.165.160:8080 58.171.181.213:80 62.75.143.100:7080 62.75.160.178:8080 63.246.252.234:80 68.129.203.162:443 68.183.170.114:8080 68.183.190.199:8080 69.163.33.84:8080 72.29.55.174:80 73.167.135.180:80 76.221.133.146:80 77.55.211.77:8080 77.241.53.234:80 79.31.85.103:80 80.29.54.20:80 80.85.87.122:8080 82.8.232.51:80 82.196.15.205:8080 83.165.163.225:80 85.234.143.94:8080 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 87.118.70.69:8080 88.250.223.190:8080 91.83.93.124:7080 91.204.163.19:8090 91.205.215.57:7080 93.67.154.252:443 95.179.195.74:80 96.20.84.254:7080 96.61.113.203:80 96.126.121.64:443 98.196.49.107:80 104.33.129.244:80 104.131.58.132:8080 104.236.137.72:8080 109.166.89.91:80 109.169.86.13:8080 116.48.138.115:80 118.200.218.193:443 119.59.124.163:8080 125.99.61.162:7080 130.45.45.31:80 134.209.214.126:8080 138.68.106.4:7080 139.5.237.27:443 142.93.114.137:8080 142.127.57.63:8080 144.2.165.179:80 144.139.56.105:80 149.62.173.247:8080 149.135.123.65:80 159.203.204.126:8080 163.172.40.218:7080 172.90.70.168:8080 172.104.233.225:8080 178.79.163.131:8080 181.36.42.205:443 181.61.143.177:80 181.135.153.203:443 181.198.203.45:443 181.231.62.54:80 183.82.97.25:80 184.184.202.167:443 185.86.148.222:8080 185.160.212.3:80 186.15.83.52:8080 186.68.48.204:443 188.14.39.65:443 188.216.24.204:80 190.4.50.26:80 190.17.42.79:80 190.38.14.52:80 
190.97.30.167:990 190.102.226.91:80 190.146.131.105:8080 190.186.164.23:80 190.195.129.227:8090 190.210.184.138:995 191.103.76.34:443 200.58.83.179:80 200.119.11.118:443 200.123.101.90:80 200.124.225.32:80 201.163.74.202:443 201.190.133.235:8080 201.213.32.59:80 202.186.240.165:8080 203.25.159.3:8080 203.130.0.69:80 204.63.252.182:443 207.154.204.40:8080 212.71.237.140:8080 217.199.160.224:8080 # Reference: https://twitter.com/pollo290987/status/1205363829678518273 /fhdr1acb63nl723f_9uy53v64/index.php # Reference: https://twitter.com/malware_traffic/status/1205171614788313101 96.234.38.186:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1205506348936548353 # Reference: https://pastebin.com/KaWyyr31 1.33.230.137:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.236.246.93:8080 104.237.155.168:443 105.227.35.51:80 107.170.24.125:8080 107.2.2.28:80 108.179.206.219:8080 108.191.2.72:80 110.142.38.16:80 110.143.57.109:80 110.143.84.202:80 116.48.142.21:443 12.176.19.218:80 12.229.155.122:80 120.150.246.241:80 128.65.154.183:443 138.59.177.106:443 139.130.241.252:443 144.139.247.220:80 149.202.153.252:8080 159.65.25.128:8080 165.227.156.155:443 165.228.24.197:80 167.114.242.226:8080 167.71.10.37:8080 167.99.105.223:7080 169.239.182.217:8080 173.91.11.142:80 176.106.183.253:8080 176.31.200.130:8080 178.209.71.63:8080 178.210.51.222:8080 179.13.185.19:80 181.57.193.14:80 182.176.132.213:8090 183.102.238.69:465 183.102.238.69:80 186.67.208.78:8080 186.75.241.230:80 188.152.7.140:80 189.209.217.49:80 190.12.119.180:443 190.147.215.53:22 190.220.19.82:443 190.226.44.20:21 190.53.135.159:21 192.241.255.77:8080 195.244.215.206:80 197.254.221.174:80 2.235.190.23:8080 2.38.99.79:80 200.7.243.108:443 201.173.217.124:443 201.184.105.242:443 201.251.133.92:443 206.189.112.148:8080 206.81.10.215:8080 206.81.10.215:80 209.141.54.221:8080 209.97.168.52:8080 210.6.85.121:80 211.63.71.72:8080 
212.129.24.79:8080 212.64.171.206:80 217.160.182.191:8080 218.44.21.114:80 24.45.193.161:7080 31.131.182.30:80 31.172.240.91:8080 31.31.77.83:443 37.157.194.134:443 37.59.24.177:8080 45.33.49.124:443 45.51.40.140:80 45.56.88.91:443 46.105.131.87:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.196.74.210:8080 5.88.182.250:80 50.116.86.205:8080 58.171.42.66:8080 59.103.164.174:80 61.197.110.214:80 62.75.187.192:8080 64.147.15.138:80 64.53.242.181:8080 66.34.201.20:7080 66.76.63.99:80 67.225.179.64:8080 68.118.26.116:80 70.175.171.251:80 73.11.153.178:8080 73.176.241.255:80 73.214.99.25:80 74.105.102.97:8080 75.80.148.244:80 78.24.219.147:8080 80.21.182.46:80 81.0.63.86:8080 82.155.161.203:80 83.136.245.190:8080 85.72.180.68:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.230.19.21:8080 91.205.215.66:8080 91.73.197.90:80 92.222.216.44:8080 93.147.141.5:80 95.128.43.213:8080 98.24.231.64:80 # Reference: https://twitter.com/VK_Intel/status/1206497909858078720 # Reference: https://www.virustotal.com/gui/file/de8f44a132a0968356621c69413840b6b259e1d8c7c0708cda5e3b62be4eb787/detection 91.121.89.129:8443 # Reference: https://twitter.com/matte_lodi/status/1207575386835607552 http://63.248.198.8 proyectoin.com # Reference: https://twitter.com/malware_traffic/status/1208205659466092544 24.181.125.62:80 # Reference: https://pastebin.com/4VENH618 1.215.28.101:8080 1.217.126.11:443 1.221.254.82:80 100.14.117.137:80 101.187.134.207:443 101.187.247.29:80 103.108.146.195:80 103.86.49.11:8080 104.131.11.150:8080 104.131.44.150:8080 104.131.58.132:8080 104.137.176.186:80 104.236.137.72:8080 104.236.246.93:8080 105.209.235.113:8080 107.170.24.125:8080 108.179.206.219:8080 108.184.9.44:80 108.191.2.72:80 108.20.69.44:80 109.169.86.13:8080 110.142.161.90:443 110.142.161.90:80 110.142.38.16:80 110.143.84.202:80 110.170.65.146:80 110.2.118.164:80 112.186.195.176:80 112.218.134.227:80 113.190.254.245:80 113.52.135.33:7080 113.61.76.239:80 114.109.179.60:80 
114.179.127.48:80 115.179.91.58:80 116.48.142.21:443 118.36.70.245:80 119.59.124.163:8080 12.176.19.218:80 120.150.246.241:80 120.150.247.164:80 120.151.135.224:80 120.51.83.89:443 121.88.5.176:443 122.116.104.238:7080 124.150.175.129:8080 124.150.175.133:80 125.99.61.162:7080 128.65.154.183:443 136.243.250.34:8080 138.122.5.214:8080 138.197.140.163:8080 138.59.177.106:443 138.68.106.4:7080 139.130.241.252:443 139.130.242.43:80 139.162.118.88:8080 139.162.183.41:443 139.59.12.63:8080 14.160.93.230:80 14.161.30.33:443 14.201.35.38:80 142.93.114.137:8080 142.93.87.198:8080 144.139.247.220:80 144.139.56.105:80 144.139.91.187:80 144.217.117.207:8080 149.202.153.252:8080 149.62.173.247:8080 151.237.36.220:80 154.120.227.190:443 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 159.203.204.126:8080 159.65.25.128:8080 159.69.89.130:8080 160.119.153.20:80 160.16.215.66:8080 162.144.46.90:8080 163.172.40.218:7080 163.172.97.112:8080 165.100.148.200:8080 165.227.156.155:443 165.228.195.93:80 167.71.10.37:8080 167.99.105.223:7080 168.235.67.138:8080 168.235.82.183:8080 169.239.182.217:8080 172.104.70.207:8080 173.12.14.133:8080 173.21.26.90:80 173.247.19.238:80 173.66.96.135:80 173.91.11.142:80 174.77.190.137:8080 174.81.132.128:80 175.103.239.50:80 175.114.178.83:443 175.127.140.68:80 176.106.183.253:8080 176.31.200.130:8080 176.58.93.123:80 177.103.159.44:80 177.103.240.93:80 177.144.130.105:443 177.180.115.224:80 177.242.21.126:80 177.34.142.163:80 178.134.1.238:80 178.153.176.124:80 178.210.51.222:8080 178.237.139.83:8080 178.32.255.133:443 178.63.78.150:8080 178.79.163.131:8080 179.13.185.19:80 179.159.198.70:80 179.208.84.218:8080 179.5.118.12:8080 180.33.6.136:443 180.92.239.110:8080 181.10.204.106:80 181.126.70.117:80 181.167.35.84:80 181.196.27.123:80 181.198.203.45:443 181.231.220.232:80 181.36.42.205:443 181.53.29.136:8080 181.61.143.177:80 182.176.116.139:995 182.176.132.213:8090 182.187.137.199:8080 183.101.175.193:80 183.102.238.69:465 183.87.40.21:8080 
183.99.239.141:80 184.167.148.162:80 185.144.138.190:80 185.160.212.3:80 185.160.229.26:80 185.192.75.240:443 185.244.167.25:443 185.86.148.222:8080 186.15.83.52:8080 186.177.174.163:80 186.4.172.5:8080 186.67.208.78:8080 186.68.48.204:443 186.75.241.230:80 186.84.173.136:8080 187.188.166.192:8080 187.250.92.82:80 187.54.225.76:80 187.72.47.161:443 188.0.135.237:80 188.135.15.49:80 188.152.7.140:80 188.216.24.204:80 188.218.104.226:80 188.251.213.180:443 189.159.115.178:8080 189.19.81.181:443 189.201.197.98:8080 189.203.177.41:443 189.225.211.171:443 189.26.118.194:80 189.61.200.9:443 190.100.153.162:443 190.115.18.139:8080 190.117.226.104:80 190.12.119.180:443 190.151.5.130:443 190.161.180.184:80 190.161.67.63:80 190.162.159.212:80 190.17.44.48:80 190.17.94.108:443 190.171.135.235:80 190.171.153.139:80 190.186.164.23:80 190.189.224.117:443 190.201.144.85:7080 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 190.220.19.82:443 190.231.210.35:80 190.231.42.130:80 190.38.152.143:80 190.38.252.45:443 190.47.236.83:80 190.5.162.204:80 190.53.135.159:21 190.55.181.54:443 190.74.246.158:8080 190.93.210.113:80 191.100.24.201:50000 191.103.76.34:443 191.183.21.190:80 192.161.190.171:8080 192.163.221.191:7080 192.210.217.94:8080 192.241.146.84:8080 192.241.220.183:8080 192.241.241.221:443 192.241.255.77:8080 193.33.38.208:443 195.201.56.70:8080 195.244.215.206:80 197.94.32.129:8080 198.199.112.197:8080 198.46.150.196:7080 198.57.217.170:7080 2.235.190.23:8080 2.237.76.249:80 2.38.99.79:80 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.114.167.85:80 200.116.145.225:443 200.119.11.118:443 200.123.183.137:443 200.124.225.32:80 200.21.90.5:443 200.41.121.69:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 200.82.170.231:80 200.82.88.254:80 201.137.247.222:443 201.173.217.124:443 201.183.251.100:80 201.184.105.242:443 201.196.15.79:990 201.213.32.59:80 202.62.39.111:80 203.124.57.50:80 203.130.0.69:80 203.153.216.178:7080 203.160.173.202:80 203.25.159.3:8080 
206.189.112.148:8080 206.81.10.215:8080 207.154.204.40:8080 209.141.54.221:8080 209.146.22.34:443 209.97.168.52:8080 210.111.160.220:80 210.171.146.118:80 210.224.65.117:80 210.6.85.121:80 211.42.204.154:80 211.48.165.9:443 211.63.71.72:8080 212.112.113.235:80 212.129.14.27:8080 212.237.50.61:8080 212.253.82.142:443 212.71.237.140:8080 216.251.83.79:80 216.75.37.196:8080 217.12.70.226:80 217.160.182.191:8080 217.181.139.237:443 217.199.160.224:8080 219.75.66.103:80 219.78.255.48:80 220.255.57.31:80 220.78.29.88:80 221.154.59.110:80 223.255.148.134:80 23.253.207.142:8080 24.105.202.216:443 24.181.125.62:80 24.28.178.71:80 24.94.237.248:80 31.172.240.91:8080 31.177.54.196:443 31.31.77.83:443 37.120.185.153:443 37.157.194.134:443 37.187.6.63:8080 37.46.129.215:8080 37.59.24.177:8080 37.59.24.25:8080 37.70.131.107:80 41.111.190.94:80 41.185.29.128:8080 41.60.200.34:80 41.77.74.214:443 42.51.192.231:8080 45.33.49.124:443 45.51.40.140:80 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.101.7.140:8080 46.105.131.68:8080 46.105.131.87:80 46.17.6.116:8080 46.216.60.138:80 46.28.111.142:7080 46.32.229.152:8080 47.149.28.234:80 47.153.183.211:80 47.156.70.145:80 47.6.15.79:443 47.6.15.79:80 5.154.58.24:80 5.178.245.100:80 5.189.148.98:8080 5.196.35.138:7080 5.196.74.210:8080 5.32.55.214:80 5.88.27.67:8080 50.116.78.109:8080 50.116.86.205:8080 50.28.51.143:8080 51.159.23.217:443 51.255.165.160:8080 51.38.134.203:8080 51.77.113.97:8080 58.162.218.151:80 58.171.38.26:80 58.171.42.66:8080 58.185.224.18:80 59.103.164.174:80 59.120.5.154:80 59.148.227.190:80 59.158.164.66:443 59.8.197.241:80 60.231.217.199:8080 62.138.26.28:8080 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 62.75.187.192:8080 63.248.198.8:80 64.147.15.138:80 64.53.242.181:8080 66.209.97.122:8080 66.229.161.86:443 66.25.34.20:80 66.34.201.20:7080 67.225.179.64:8080 67.254.196.78:443 68.118.26.116:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.14.208.221:80 
69.163.33.84:8080 69.30.205.162:7080 70.169.53.234:80 70.175.171.251:80 70.46.247.81:80 71.83.82.123:8080 72.27.212.209:8080 72.29.55.174:80 72.51.153.27:80 73.11.153.178:8080 73.214.99.25:80 73.217.39.73:80 73.60.8.210:80 74.105.102.97:8080 74.79.103.55:80 75.127.72.18:8080 75.86.6.174:80 76.164.99.46:80 77.55.211.77:8080 78.186.102.195:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.24.219.147:8080 78.46.87.133:8080 79.159.249.152:80 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 82.196.15.205:8080 82.27.181.93:80 82.79.244.92:80 82.8.232.51:80 83.156.88.159:80 83.165.78.227:80 83.248.141.198:80 85.100.122.211:80 85.109.190.235:443 85.152.174.56:80 85.152.208.146:80 85.235.219.74:80 85.67.10.190:80 86.42.166.147:80 86.98.156.239:443 87.106.136.232:8080 87.106.139.101:8080 87.106.46.107:8080 87.106.77.40:7080 87.230.19.21:8080 87.9.181.247:80 88.247.26.78:80 88.248.140.80:80 88.249.120.205:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.159.233:80 91.117.31.181:80 91.117.83.59:80 91.191.206.60:443 91.205.173.150:8080 91.205.215.57:7080 91.205.215.66:443 91.73.197.90:80 91.74.175.46:80 91.83.93.103:443 91.83.93.124:7080 92.16.222.156:80 92.222.216.44:8080 93.144.226.57:80 93.147.141.5:80 94.200.114.162:80 94.200.126.42:80 94.203.236.122:80 95.128.43.213:8080 95.130.37.244:443 95.216.207.86:7080 95.216.212.157:8080 95.9.217.200:8080 96.61.113.203:80 97.120.32.227:80 98.15.140.226:80 98.156.206.153:80 98.178.241.106:80 98.30.113.161:80 99.252.27.6:80 # Reference: https://twitter.com/luc4m/status/1217152651046948864 # Reference: https://pastebin.com/KGF4uy28 104.131.58.132:8080 109.169.86.13:8080 110.142.161.90:443 110.170.65.146:80 113.190.254.245:80 113.61.76.239:80 114.109.179.60:80 118.36.70.245:80 119.59.124.163:8080 120.150.247.164:80 125.99.61.162:7080 138.68.106.4:7080 139.162.118.88:8080 14.160.93.230:80 14.201.35.38:80 142.93.114.137:8080 144.139.56.105:80 149.62.173.247:8080 
151.237.36.220:80 151.80.142.33:80 152.231.89.226:80 159.65.241.220:8080 165.228.195.93:80 172.104.169.32:8080 175.114.178.83:443 177.103.159.44:80 177.242.21.126:80 177.34.142.163:80 177.92.14.34:80 178.79.163.131:8080 179.208.84.218:8080 181.10.204.106:80 181.129.96.162:990 181.167.96.215:80 181.231.220.232:80 181.30.61.163:443 181.30.61.163:80 181.36.42.205:443 185.160.212.3:80 185.160.229.26:80 185.86.148.222:8080 185.94.252.12:80 186.15.52.123:80 186.15.83.52:8080 186.68.48.204:443 187.188.166.192:8080 187.54.225.76:80 188.135.15.49:80 189.19.81.181:443 189.201.197.98:8080 189.26.118.194:80 190.100.153.162:443 190.151.5.130:443 190.17.44.48:80 190.186.164.23:80 190.191.82.216:80 190.195.129.227:8090 190.210.184.138:995 190.210.236.139:80 190.219.149.236:80 191.103.76.34:443 191.183.21.190:80 192.241.143.52:8080 192.241.146.84:8080 2.42.173.240:80 2.45.112.134:80 2.47.112.72:80 200.123.183.137:443 200.45.187.90:80 200.55.53.7:80 200.58.83.179:80 201.213.100.141:8080 201.213.32.59:80 202.62.39.111:80 203.130.0.69:80 203.25.159.3:8080 207.154.204.40:8080 212.71.237.140:8080 216.251.83.79:80 217.199.160.224:8080 37.120.185.153:443 37.187.6.63:8080 45.79.95.107:443 45.8.136.201:80 46.101.212.195:8080 46.28.111.142:7080 5.196.35.138:7080 5.88.27.67:8080 50.28.51.143:8080 58.162.218.151:80 58.171.38.26:80 59.120.5.154:80 62.15.36.103:443 62.75.143.100:7080 62.75.160.178:8080 63.248.198.8:80 68.174.15.223:80 68.183.170.114:8080 68.183.190.199:8080 68.187.160.28:443 69.163.33.84:8080 72.29.55.174:80 76.69.26.71:80 77.55.211.77:8080 79.7.114.1:80 79.7.158.208:80 80.11.158.65:8080 81.16.1.45:80 81.213.78.151:443 82.196.15.205:8080 82.8.232.51:80 83.165.78.227:80 85.105.241.192:80 86.123.138.76:80 86.42.166.147:80 87.106.46.107:8080 87.106.77.40:7080 89.211.114.203:80 91.117.159.233:80 91.205.215.57:7080 91.74.175.46:80 93.144.226.57:80 94.176.234.118:443 94.200.126.42:80 96.61.113.203:80 97.120.32.227:80 99.252.27.6:80 # Reference: 
https://twitter.com/DFNCERT/status/1218190294769971203 # Reference: https://app.any.run/tasks/59210c37-fda8-41a6-8ab1-0b2eee9d2145/ 68.172.243.146:80 # Reference: https://pastebin.com/iniJV48S 1.217.126.11:443 1.221.254.82:80 105.209.235.113:8080 106.248.79.174:80 110.142.161.90:80 110.2.118.164:80 112.186.195.176:80 114.179.127.48:80 122.116.104.238:7080 122.176.116.57:443 122.19.63.27:80 124.150.175.133:80 125.209.114.180:443 139.59.12.63:8080 14.161.30.33:443 142.93.87.198:8080 144.139.91.187:80 144.76.56.36:8080 149.202.153.251:8080 154.73.137.131:80 156.155.163.232:80 157.7.164.178:8081 158.69.167.246:8080 160.119.153.20:80 160.226.171.255:443 162.144.46.90:8080 163.172.107.70:8080 176.58.93.123:80 177.103.240.93:80 177.144.130.105:443 178.33.167.120:8080 179.5.118.12:8080 180.16.248.25:80 181.196.27.123:80 181.39.96.86:443 181.53.29.136:8080 182.176.116.139:995 183.82.123.60:443 183.87.40.21:8080 183.91.3.63:80 185.207.57.205:443 186.147.245.204:80 186.223.86.136:443 186.84.173.136:8080 187.177.155.123:990 187.72.47.161:443 188.251.213.180:443 190.17.94.108:443 190.171.153.139:80 190.201.144.85:7080 190.5.162.204:80 190.93.210.113:80 192.210.217.94:8080 192.241.220.183:8080 192.241.241.221:443 195.201.56.70:8080 196.6.119.137:80 197.94.32.129:8080 200.82.88.254:80 201.183.251.100:80 203.124.57.50:80 203.153.216.178:7080 211.20.154.102:80 211.229.116.130:80 212.112.113.235:80 212.129.14.27:8080 216.75.37.196:8080 220.247.70.174:80 23.253.207.142:8080 24.141.12.228:80 24.70.40.15:8080 37.46.129.215:8080 41.215.79.182:80 41.77.74.214:443 42.51.192.231:8080 46.17.6.116:8080 46.32.229.152:8080 5.178.245.100:80 5.196.200.208:8080 50.116.78.109:8080 51.38.134.203:8080 51.77.113.97:8080 58.185.224.18:80 58.92.179.55:443 59.135.126.129:443 60.130.173.117:80 60.152.212.149:80 61.204.119.188:443 61.221.152.140:80 67.254.196.78:443 69.14.208.221:80 70.45.30.28:80 72.27.212.209:8080 75.127.14.170:8080 75.86.6.174:80 76.11.76.47:80 76.185.136.132:80 76.87.58.38:80 
77.74.78.80:443 78.101.95.172:80 78.186.102.195:80 78.188.170.128:80 78.189.165.52:8080 78.189.60.109:443 78.210.132.35:80 78.46.87.133:8080 80.211.32.88:8080 81.82.247.216:80 82.146.55.23:7080 82.165.15.188:8080 85.100.122.211:80 85.109.190.235:443 88.225.230.33:80 88.247.53.159:443 88.248.140.80:80 88.249.181.198:443 89.215.225.15:80 91.117.131.122:80 91.117.31.181:80 91.73.169.210:80 91.83.93.103:443 95.130.37.244:443 95.216.207.86:7080 95.9.217.200:8080 98.15.140.226:80 98.178.241.106:80 98.192.74.164:80 # Reference: https://app.any.run/tasks/9056d965-915a-498a-83bc-a750fc0389f2/ # Reference: https://www.virustotal.com/gui/ip-address/98.199.196.197/relations # Reference: https://www.virustotal.com/gui/ip-address/188.85.143.170/relations # Reference: https://www.virustotal.com/gui/ip-address/195.223.215.190/relations 98.199.196.197:80 188.85.143.170:80 195.223.215.190:80 testtaglabel.com/wp-includes/LqYA88863/ xishicanting.com/wp-admin/jIx/ # Reference: https://app.any.run/tasks/881f5580-7cee-4156-bc70-d9592d526345/ # Reference: https://www.virustotal.com/gui/ip-address/113.61.76.239/relations # Reference: https://www.virustotal.com/gui/ip-address/68.62.245.148/relations # Reference: https://www.virustotal.com/gui/ip-address/91.242.136.103/relations salman.vetkare.com/dashboard/ccABOH4/ 113.61.76.239:80 68.62.245.148:80 91.242.136.103:80 # Reference: https://twitter.com/Jouliok/status/1219952503032250368 # Reference: https://app.any.run/tasks/4092920b-325b-494e-b00e-edc0b494c2d8/ # Reference: https://www.virustotal.com/gui/ip-address/68.114.229.171/relations # Reference: https://www.virustotal.com/gui/ip-address/74.101.225.121/relations 68.114.229.171:80 74.101.225.121:80 74.101.225.121:443 # Reference: https://www.virustotal.com/gui/ip-address/72.186.137.156/relations 72.186.137.156:80 # Reference: https://www.virustotal.com/gui/ip-address/66.7.242.50/relations 66.7.242.50:80 66.7.242.50:8080 # Reference: https://twitter.com/gibbersen/status/1220405804106420225 
186.177.165.196:443 # Reference: https://www.virustotal.com/gui/ip-address/177.103.157.126/relations 177.103.157.126:80 # Reference: https://app.any.run/tasks/effd2c56-edcc-4ae8-9643-7265de85ceea/ # Reference: https://app.any.run/tasks/8e35de27-f9d8-4d2f-bb83-7cad61d10e69/ 70.184.9.39:8080 108.6.140.26:80 207.180.227.229:8080 # Reference: https://pastebin.com/E2VjnVCx 167.71.10.37:8080 37.157.194.134:443 217.199.160.224:8080 192.241.255.77:8080 31.31.77.83:443 108.191.2.72:80 185.160.212.3:80 70.175.171.251:80 67.254.196.78:443 66.34.201.20:7080 37.46.129.215:8080 79.7.114.1:80 110.143.84.202:80 110.2.118.164:80 203.153.216.178:7080 45.8.136.201:80 217.12.70.226:80 190.17.94.108:443 82.165.15.188:8080 165.228.195.93:80 187.188.166.192:8080 181.231.220.232:80 98.156.206.153:80 173.21.26.90:80 200.55.53.7:80 91.117.159.233:80 110.142.161.90:443 173.66.96.135:80 47.153.183.211:80 41.60.200.34:80 98.30.113.161:80 79.159.249.152:80 189.203.177.41:443 190.117.226.104:80 70.169.53.234:80 91.73.169.210:80 200.82.88.254:80 85.105.241.192:80 27.109.153.201:8090 41.215.79.182:80 106.248.79.174:80 77.74.78.80:443 172.104.169.32:8080 91.250.96.22:8080 95.213.236.64:8080 66.7.242.50:8080 72.186.137.156:80 197.89.27.26:8080 115.95.6.218:443 61.204.119.188:443 70.123.95.180:80 201.236.135.104:443 61.37.31.243:80 189.159.112.237:8080 76.104.80.47:80 64.66.6.71:8080 115.65.111.148:443 104.131.44.150:8080 78.24.219.147:8080 92.222.216.44:8080 46.105.131.87:80 182.176.132.213:8090 211.63.71.72:8080 5.196.74.210:8080 104.236.246.93:8080 87.106.139.101:8080 87.106.136.232:8080 190.53.135.159:21 149.202.153.252:8080 62.75.187.192:8080 45.33.49.124:443 95.128.43.213:8080 159.65.25.128:8080 31.172.240.91:8080 201.184.105.242:443 59.103.164.174:80 104.131.11.150:8080 169.239.182.217:8080 217.160.182.191:8080 87.230.19.21:8080 176.58.93.123:80 192.241.220.183:8080 216.75.37.196:8080 95.216.207.86:7080 212.112.113.235:80 157.7.164.178:8081 51.38.134.203:8080 68.183.190.199:8080 
178.79.163.131:8080 87.106.77.40:7080 62.75.143.100:7080 62.75.160.178:8080 203.25.159.3:8080 138.68.106.4:7080 149.62.173.247:8080 91.83.93.124:7080 212.71.237.140:8080 181.29.101.13:8080 185.86.148.222:8080 86.42.166.147:80 181.36.42.205:443 68.183.170.114:8080 119.59.124.163:8080 50.28.51.143:8080 82.196.15.205:8080 5.196.35.138:7080 46.28.111.142:7080 125.99.61.162:7080 151.80.142.33:80 91.205.215.57:7080 77.55.211.77:8080 109.169.86.13:8080 78.186.5.109:443 190.17.44.48:80 200.58.83.179:80 159.65.241.220:8080 186.15.83.52:8080 64.53.242.181:8080 70.45.30.28:80 149.202.153.251:8080 46.105.131.69:443 46.32.229.152:8080 89.32.150.160:8080 105.247.123.133:8080 41.185.29.128:8080 69.163.33.84:8080 45.79.95.107:443 23.253.207.142:8080 172.104.70.207:8080 201.213.32.59:80 211.229.116.130:80 183.102.238.69:465 142.93.87.198:8080 142.93.114.137:8080 207.154.204.40:8080 190.210.184.138:995 217.160.19.232:8080 187.177.155.123:990 50.116.78.109:8080 78.46.87.133:8080 46.17.6.116:8080 162.144.46.90:8080 212.129.14.27:8080 190.195.129.227:8090 203.130.0.69:80 209.97.168.52:8080 50.116.86.205:8080 182.176.116.139:995 206.189.112.148:8080 206.81.10.215:8080 190.186.164.23:80 186.68.48.204:443 191.103.76.34:443 50.63.13.135:8080 144.139.56.105:80 195.244.215.206:80 120.150.246.241:80 91.73.197.90:80 72.27.212.209:8080 190.12.119.180:443 201.183.251.100:80 190.5.162.204:80 108.179.206.219:8080 69.30.205.162:7080 210.111.160.220:80 192.210.217.94:8080 81.82.247.216:80 82.79.244.92:80 89.215.225.15:80 72.29.55.174:80 188.216.24.204:80 82.8.232.51:80 5.88.27.67:8080 87.106.46.107:8080 110.142.161.90:80 78.186.102.195:80 139.130.241.252:443 58.171.42.66:8080 210.6.85.121:80 201.173.217.124:443 98.15.140.226:80 41.77.74.214:443 91.117.31.181:80 85.109.190.235:443 209.141.54.221:8080 73.11.153.178:8080 68.174.15.223:80 2.42.173.240:80 47.156.70.145:80 175.127.140.68:80 139.59.12.63:8080 185.244.167.25:443 158.69.167.246:8080 42.51.192.231:8080 91.74.175.46:80 139.162.118.88:8080 
37.120.185.153:443 192.241.146.84:8080 103.86.49.11:8080 94.200.114.162:80 47.6.15.79:80 47.6.15.79:443 91.117.131.122:80 177.103.240.93:80 179.13.185.19:80 190.220.19.82:443 88.247.26.78:80 82.146.55.23:7080 37.70.131.107:80 51.77.113.97:8080 113.61.76.239:80 80.11.158.65:8080 99.252.27.6:80 58.185.224.18:80 95.9.217.200:8080 85.152.174.56:80 2.237.76.249:80 91.205.215.66:443 69.14.208.221:80 156.155.163.232:80 185.192.75.240:443 190.100.153.162:443 188.135.15.49:80 85.67.10.190:80 177.144.130.105:443 189.19.81.181:443 2.45.112.134:80 195.223.215.190:80 151.237.36.220:80 121.88.5.176:443 160.16.215.66:8080 62.138.26.28:8080 120.151.135.224:80 178.237.139.83:8080 190.93.210.113:80 197.94.32.129:8080 112.186.195.176:80 191.183.21.190:80 175.114.178.83:443 93.144.226.57:80 58.171.38.26:80 37.187.6.63:8080 110.170.65.146:80 24.105.202.216:443 24.94.237.248:80 98.178.241.106:80 190.171.153.139:80 179.5.118.12:8080 177.242.21.126:80 190.210.236.139:80 200.123.183.137:443 202.62.39.111:80 114.109.179.60:80 113.190.254.245:80 181.10.204.106:80 85.100.122.211:80 78.189.165.52:8080 88.248.140.80:80 105.209.235.113:8080 95.130.37.244:443 45.73.157.243:8080 216.251.83.79:80 62.15.36.103:443 58.162.218.151:80 201.213.100.141:8080 14.201.35.38:80 94.200.126.42:80 59.120.5.154:80 79.7.158.208:80 120.150.247.164:80 188.218.104.226:80 200.82.170.231:80 177.103.159.44:80 189.201.197.98:8080 2.47.112.72:80 190.191.82.216:80 190.219.149.236:80 47.180.91.213:80 181.143.126.170:80 186.86.247.171:443 5.32.55.214:80 200.21.90.5:443 181.126.70.117:80 139.130.242.43:80 223.197.185.60:80 88.249.120.205:80 188.0.135.237:80 180.92.239.110:8080 178.153.176.124:80 190.55.181.54:443 200.116.145.225:443 60.231.217.199:8080 209.146.22.34:443 196.6.119.137:80 1.217.126.11:443 1.221.254.82:80 78.210.132.35:80 203.124.57.50:80 75.86.6.174:80 91.83.93.103:443 78.189.60.109:443 122.116.104.238:7080 144.139.91.187:80 181.196.27.123:80 183.87.40.21:8080 195.201.56.70:8080 188.251.213.180:443 
192.241.241.221:443 160.119.153.20:80 14.161.30.33:443 187.72.47.161:443 181.30.61.163:80 186.15.52.123:80 81.213.78.151:443 204.225.249.100:7080 185.94.252.12:80 24.164.79.147:8080 190.117.126.169:80 221.165.123.72:80 37.187.72.193:8080 110.36.217.66:8080 190.146.205.227:8080 183.91.3.63:80 183.82.123.60:443 185.207.57.205:443 125.209.114.180:443 154.73.137.131:80 181.39.96.86:443 60.130.173.117:80 163.172.107.70:8080 5.196.200.208:8080 160.226.171.255:443 82.145.43.153:8080 61.221.152.140:80 122.176.116.57:443 75.127.14.170:8080 78.188.170.128:80 152.231.89.226:80 86.123.138.76:80 192.241.143.52:8080 76.69.26.71:80 200.45.187.90:80 181.167.96.215:80 181.129.96.162:990 81.16.1.45:80 94.176.234.118:443 177.239.160.121:80 78.189.180.107:80 201.229.45.222:8080 105.27.155.182:80 205.185.117.108:8080 62.75.141.82:80 186.147.245.204:80 60.152.212.149:80 88.247.53.159:443 70.184.69.146:80 186.177.165.196:443 139.47.135.215:80 129.205.201.163:80 151.231.7.154:80 78.142.114.69:80 24.141.12.228:80 76.11.76.47:80 220.247.70.174:80 24.196.49.98:80 93.147.141.5:443 72.189.57.105:80 73.239.11.159:80 82.152.149.79:80 186.200.205.170:80 68.172.243.146:80 64.40.250.5:80 101.187.134.207:8080 181.13.24.82:80 101.187.197.33:443 178.20.74.212:80 103.97.95.218:80 60.250.78.22:443 118.185.7.132:80 58.92.179.55:443 180.16.248.25:80 186.223.86.136:443 98.199.196.197:80 100.6.23.40:80 200.71.200.4:443 190.114.244.182:443 190.143.39.231:80 90.69.145.210:8080 101.187.237.217:80 98.192.74.164:80 59.135.126.129:443 24.70.40.15:8080 178.33.167.120:8080 144.76.56.36:8080 88.225.230.33:80 153.183.25.24:80 153.137.36.142:80 182.74.249.74:80 68.62.245.148:80 91.242.136.103:80 76.104.80.47:443 74.130.83.133:80 85.105.205.77:8080 87.81.51.125:80 202.175.121.202:8090 176.9.43.37:8080 5.199.130.105:7080 190.131.167.50:80 124.99.167.65:443 68.114.229.171:80 74.101.225.121:443 152.168.248.128:443 211.192.153.224:80 81.214.253.80:443 180.33.71.88:80 175.181.7.188:80 37.211.67.229:80 177.103.157.126:80 
203.45.161.179:443 73.125.15.41:80 185.243.92.42:8080 75.114.235.105:80 78.101.70.199:443 42.200.226.58:80 45.55.65.123:8080 99.229.254.209:80 190.63.7.166:8080 81.214.142.115:80 186.138.186.74:443 190.24.243.186:80 175.139.209.3:8080 108.6.140.26:80 70.184.9.39:8080 222.144.13.169:80 189.212.199.126:443 72.176.87.136:80 150.246.246.238:80 202.229.211.95:80 # Reference: https://app.any.run/tasks/d5d42b37-39d3-4c1d-81f0-f6df25ae4bf9/ 195.250.143.182:80 rahatsozluk.com # Reference: https://app.any.run/tasks/78465443-f40b-48eb-a4ba-9189953a96a2/ 190.6.193.152:8080 200.69.224.73:80 # Reference: https://app.any.run/tasks/4d39b07f-4ea9-40ed-a379-e29bc6b924c0/ 71.197.197.100:80 24.167.122.146:8080 # Reference: https://app.any.run/tasks/fcc29969-14fe-40d0-b556-167453c0d7b1/ # Reference: https://www.virustotal.com/gui/ip-address/71.126.247.90/relations # Reference: https://www.virustotal.com/gui/ip-address/98.239.119.52/relations 104.236.28.47:8080 71.126.247.90:80 80.86.91.91:8080 98.239.119.52:80 # Reference: https://twitter.com/malwrhunterteam/status/1226219678579777536 193.26.217.243:443 45.79.223.161:443 # Reference: https://www.virustotal.com/gui/domain/movin.cloud/relations movin.cloud # Reference: https://twitter.com/VK_Intel/status/1229512005591207936 # Reference: https://www.virustotal.com/gui/file/2dfc4c92635a2a86c8d70dc0931547f183467038dd95c857d374bdcb107a7d6b/detection machunion.com/kajsdfogijoig # Reference: https://twitter.com/James_inthe_box/status/1229520603020873728 # Reference: https://app.any.run/tasks/19018714-6f35-4a7b-9aa7-5783f8bc208b/ mappingskills.com/msdlfkbdkfjb # Reference: https://app.any.run/tasks/e2544e05-649d-4ef4-8490-26d503c0cf69/ 72.44.93.233:8080 # Reference: https://otx.alienvault.com/pulse/5e4e6a0d94a95ceef6df9cec # Reference: https://www.virustotal.com/gui/ip-address/70.187.114.147/relations 70.187.114.147:80 91.205.215.10:7080 91.205.215.10:80 houloul.org usaa-unlock.net shabon.co usaa-unlock.com # Reference: 
https://app.any.run/tasks/edb01a6a-5e48-43f3-833a-e2fb000fbc31/ 66.209.97.122:8080 174.77.190.137:8080 # Reference: https://twitter.com/seguridadyredes/status/1234215349454876672/photo/1 # Reference: https://www.virustotal.com/gui/ip-address/51.77.113.102/relations http://51.77.113.102 # Reference: https://twitter.com/Bitterman59/status/1233487861082677249 arcelik.servisimerkezim.com # Reference: https://www.virustotal.com/gui/file/fa99feb493d26c540fa722f044930534417a92ddb9b3e3b994702416bce27f38/behavior/Dr.Web%20vxCube monodoze.com/wp-content/SSlWN/ smartelecttronix.com/wp-includes/pHtVW/ puntoprecisoapp.com/ypb/C3p/ puntoprecisoapp.com/fORZa/ypb/C3p/ tomsnyder.net/Factures/ed/ puntoprecisoapp.com/pSgNQ/ypb/C3p/ themauritiustour.com/9fuc5ls/oPkA/ puntoprecisoapp.com/NRXVg/ypb/C3p/ puntoprecisoapp.com/OQWRh/ypb/C3p/ # Reference: https://www.virustotal.com/gui/domain/blueombrehairstyle.site/relations blueombrehairstyle.site/wp-admin/WTwFtrmTPyVSnESPjOoYOLtaIc # Reference: https://www.virustotal.com/gui/file/8ef3a86989c9654cd7b0914ab743459ad98702ea960612c66e331f858a791eb0/behavior/Lastline uccn.bru.ac.th/wp-content/rfaa0u4/ # Reference: https://app.any.run/tasks/db8063d7-b17b-4d40-88f1-9b4212a48a97/ # Reference: https://www.virustotal.com/gui/ip-address/68.202.51.4/relations http://68.202.51.4 # Reference: https://blog.talosintelligence.com/2020/03/threat-roundup-0228-0306.html (# Win.Dropper.Emotet-7600941-0) # Reference: https://www.virustotal.com/gui/ip-address/104.32.141.43/relations # Reference: https://www.virustotal.com/gui/ip-address/181.61.224.26/relations # Reference: https://www.virustotal.com/gui/ip-address/189.201.197.106/relations # Reference: https://www.virustotal.com/gui/ip-address/212.174.57.124/relations # Reference: https://www.virustotal.com/gui/ip-address/216.75.37.196/relations # Reference: https://www.virustotal.com/gui/ip-address/74.105.51.75/relations # Reference: https://www.virustotal.com/gui/ip-address/89.108.158.234/relations 
http://104.32.141.43 http://181.61.224.26 http://189.201.197.106 http://216.75.37.196 http://212.174.57.124 http://74.105.51.75 http://89.108.158.234 189.201.197.106:8080 212.174.57.124:8080 74.105.51.75:8080 89.108.158.234:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237223974750191616 42.115.22.145:80 95.85.22.63:443 # Reference: https://twitter.com/tosscoinwitcher/status/1237067625106030594 # Reference: https://www.virustotal.com/gui/ip-address/104.236.52.89/relations http://104.236.52.89 104.236.52.89:8080 # Reference: https://twitter.com/tosscoinwitcher/status/1237469398740303873 # Reference: https://twitter.com/tosscoinwitcher/status/1237499336021299202 # Reference: https://www.virustotal.com/gui/ip-address/1.163.163.199/relations # Reference: https://www.virustotal.com/gui/file/ed58cad9049c6c4af8029a5f4d087857be4306bcc0b4b3739c74f6caf0a458c8/detection http://1.163.163.199 http://165.255.105.53 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/12/emotet-c2-rsa-update-03-12-20-1.html 1.163.163.199:80 101.187.97.173:80 102.182.145.130:80 102.22.62.71:80 103.205.177.228:443 103.31.232.93:443 103.61.109.13:80 103.97.95.221:80 104.131.103.37:8080 104.131.11.150:443 104.131.41.185:8080 104.236.161.64:8080 104.238.80.237:8080 104.32.141.43:80 105.224.209.135:443 107.184.91.187:80 109.236.109.159:8080 110.145.124.178:443 110.145.77.103:80 110.37.226.196:80 110.44.113.2:8080 111.67.12.221:8080 112.68.240.21:80 113.160.180.109:80 113.160.235.179:8080 113.160.88.86:443 113.161.148.81:80 113.61.66.94:80 115.65.111.148:80 115.75.6.2:443 115.79.195.246:80 116.73.14.186:80 116.90.228.177:80 116.90.229.22:80 117.2.133.44:443 117.7.236.115:80 118.200.116.83:80 118.69.70.109:80 118.69.71.14:80 12.162.84.2:8080 120.150.142.241:80 120.150.76.215:80 120.151.194.117:80 122.116.104.238:8080 124.150.175.133:443 125.63.106.22:80 130.204.245.137:80 132.248.38.158:80 133.208.252.149:80 136.243.205.112:7080 14.141.203.150:80 14.161.6.60:80 143.0.87.101:80 
148.102.77.148:80 152.169.32.195:80 152.170.108.99:443 152.170.196.157:443 152.32.78.6:80 153.160.71.129:53 153.174.73.130:80 154.120.227.190:20 154.120.227.190:80 156.67.114.199:80 161.18.233.114:80 162.255.112.157:443 163.53.180.227:80 164.77.130.222:80 164.77.131.165:80 165.255.105.53:80 168.235.67.138:7080 173.66.242.48:80 173.79.107.84:80 177.139.131.143:443 177.144.135.2:80 177.188.121.26:443 177.6.166.4:80 177.66.190.130:80 177.72.13.80:80 178.62.75.204:8080 179.184.65.222:80 179.232.65.117:80 179.5.118.12:80 181.122.172.67:8080 181.13.24.83:443 181.16.18.72:8080 181.164.25.59:80 181.167.53.79:443 181.225.24.251:80 181.230.116.163:80 181.31.211.181:80 181.54.182.135:80 181.56.163.152:80 181.60.247.8:443 181.61.224.26:80 182.71.222.187:80 182.73.199.226:8080 183.131.156.10:7080 183.91.15.80:8080 185.135.109.128:80 185.155.20.82:80 185.160.212.5:80 185.94.252.104:443 185.94.252.27:443 186.10.92.114:80 186.138.210.130:80 186.167.16.242:80 186.189.228.84:80 186.3.185.206:80 186.3.232.68:80 186.33.141.88:80 187.162.250.23:80 187.188.163.98:80 187.212.208.8:8080 187.241.28.114:80 187.51.47.26:80 189.1.185.248:80 189.14.80.194:443 189.220.246.167:80 189.42.145.34:80 190.111.215.3:8080 190.117.226.104:443 190.128.90.22:80 190.13.215.114:80 190.147.137.153:443 190.17.195.202:80 190.190.134.145:80 190.190.26.188:80 190.194.151.145:80 190.2.31.172:80 190.247.9.40:443 190.57.130.142:443 190.79.103.57:80 195.82.165.181:20 197.94.32.129:20 198.211.121.27:8080 198.58.119.85:8080 199.83.161.218:80 200.108.250.176:80 200.116.191.114:80 200.123.150.89:443 200.123.183.137:80 200.41.121.90:80 200.58.180.130:80 200.7.243.109:443 200.85.110.240:8080 201.155.204.151:80 201.17.193.151:443 202.175.121.202:8443 202.52.247.178:80 203.122.18.234:8080 203.153.216.182:7080 210.56.10.58:80 211.184.5.163:443 211.20.154.102:443 212.174.19.87:80 216.132.25.162:80 220.128.125.18:80 220.132.16.114:80 220.210.163.76:80 23.92.16.164:8080 24.196.13.216:80 24.249.73.48:80 31.146.61.34:80 
37.139.21.175:8080 37.208.106.146:8080 37.222.74.104:8080 42.200.178.117:80 42.200.191.247:80 45.55.179.121:8080 47.146.123.171:80 47.156.64.4:80 49.204.68.26:20 5.32.84.54:80 5.39.91.110:7080 5.45.108.146:8080 50.35.17.13:80 54.39.177.43:80 54.39.187.202:443 58.177.172.160:80 59.120.74.106:80 59.20.65.102:80 60.142.249.243:80 61.92.159.208:8080 62.84.75.50:80 64.66.6.71:20 68.183.18.169:8080 70.32.115.157:8080 71.10.114.255:80 71.222.157.155:80 72.10.33.195:8080 72.202.237.228:80 72.231.228.196:80 72.47.248.48:7080 74.130.137.231:80 74.208.45.104:8080 75.133.26.185:80 77.69.8.132:7080 77.90.136.129:8080 79.99.107.130:443 81.215.14.128:80 83.169.21.32:7080 87.252.100.28:80 89.19.20.202:443 90.79.26.91:8080 91.219.169.180:80 91.231.166.124:8080 91.236.4.234:443 91.242.138.11:80 93.114.205.169:80 93.123.22.241:80 93.147.157.195:80 93.51.50.171:8080 94.206.82.254:443 94.76.247.61:8080 95.9.95.101:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/03/30/emotet-c2-rsa-update-03-30-20-1.html 104.182.56.131:443 109.73.110.33:80 110.143.8.89:80 110.37.226.196:443 113.160.130.116:8443 113.161.147.51:80 117.4.120.226:8080 118.70.126.251:443 134.19.217.180:80 149.135.10.19:80 168.197.252.178:80 177.0.241.28:80 177.139.128.221:80 177.230.81.0:22 177.73.3.204:80 179.62.26.236:80 180.222.165.169:80 181.164.215.193:80 181.176.191.27:443 181.228.91.247:443 184.57.130.8:80 186.176.228.2:80 186.208.123.210:443 186.80.169.128:80 187.162.248.237:80 188.129.197.149:80 188.251.213.180:8080 189.154.68.123:143 189.160.15.202:465 189.168.169.129:80 189.253.255.142:80 190.147.165.160:465 190.16.142.187:80 190.160.53.126:80 190.181.235.46:80 190.244.125.144:80 190.251.235.239:80 190.47.227.130:443 2.28.113.59:80 2.47.112.152:80 200.126.237.113:80 200.73.228.225:80 201.214.229.79:80 212.156.219.6:8080 213.243.211.114:80 24.179.13.119:80 24.194.252.25:80 37.210.228.23:80 41.169.20.147:80 41.203.62.170:80 45.118.136.92:8080 45.161.242.102:80 46.35.75.225:8080 47.150.248.161:80 
49.176.162.90:80 60.117.26.28:80 61.197.37.169:80 67.20.141.76:80 68.115.64.219:80 68.203.213.226:80 73.155.126.84:80 73.176.10.71:80 80.102.134.174:8080 81.169.202.3:443 82.240.207.95:443 84.9.167.76:80 88.247.144.128:80 91.73.223.130:80 95.7.221.205:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/01/emotet-c2-rsa-update-04-01-20-1.html 189.134.47.51:443 101.187.104.105:80 60.53.206.244:80 70.180.44.93:80 221.133.46.86:443 88.244.56.219:80 201.91.28.210:80 46.214.11.172:80 65.24.85.214:80 190.108.228.62:8080 124.150.175.133:8080 170.82.195.50:80 # Reference: https://twitter.com/ScumBots/status/1238427161482211328 # Reference: https://www.virustotal.com/gui/ip-address/77.72.131.69/relations 77.72.131.69:442 77.72.131.69:8080 # Reference: https://twitter.com/sysopfb/status/1245787828300234752 # Reference: https://www.virustotal.com/gui/ip-address/23.95.238.106/relations http://23.95.238.106 # Reference: https://www.virustotal.com/gui/file/761287c60d47505b6d4bd079b49dd1ce3376217737c3aff8fd3daecdcc618e3f/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/e3b41c0d0834c0d5b121012fe9219529afaed899420d99bd3dba11f2c0a8810b/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/694bd6a04735b30d42ed40af026496ee1b77ce332c6570985a88358c82630d01/behavior/Dr.Web%20vxCube 197.87.130.229:8080 216.137.249.154:80 106.243.65.250:443 98.191.228.168:990 # Reference: https://www.virustotal.com/gui/ip-address/118.167.155.233/relations http://118.167.155.233 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/06/emotet-c2-rsa-update-04-06-20-1.html 152.170.222.65:80 84.79.142.51:8080 94.130.171.231:8080 113.52.123.226:7080 95.180.25.146:80 82.223.70.24:8080 186.188.152.177:80 179.127.59.210:443 91.73.197.186:80 137.25.7.112:8080 181.30.69.50:80 190.229.148.144:80 176.111.60.55:8080 209.151.248.242:8080 142.105.151.124:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/07/emotet-c2-rsa-update-04-07-20-1.html 
201.213.100.141:443 87.127.197.7:8080 189.160.234.67:80 201.231.87.82:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/13/emotet-c2-rsa-update-04-13-20-1.html 67.235.68.222:80 110.145.101.66:443 93.147.137.162:80 137.59.187.107:8080 190.161.45.112:80 46.30.175.11:80 152.231.123.2:80 70.48.238.90:80 189.154.128.205:80 170.81.48.2:80 220.213.79.166:443 190.196.143.58:80 60.53.197.6:80 177.38.15.151:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/20/emotet-c2-rsa-update-04-20-20-1.html 68.44.137.144:443 114.145.241.208:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/04/30/emotet-c2-rsa-update-04-30-20-1.html 196.179.249.218:8080 85.94.81.18:80 193.80.169.64:80 78.12.27.172:80 132.255.227.134:80 # Reference: https://www.virustotal.com/gui/ip-address/103.38.12.139/relations 103.38.12.139:443 103.38.12.139:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/04/emotet-c2-rsa-update-05-04-20-1.html 195.76.232.114:80 85.94.170.73:80 186.188.222.3:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/11/emotet-c2-rsa-update-05-11-20-1.html 103.83.81.141:8080 95.216.118.202:8080 84.21.179.51:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/05/25/emotet-c2-rsa-update-05-25-20-1.html 162.154.38.103:80 186.226.226.116:80 181.92.244.156:80 41.215.92.157:80 190.47.227.130:80 213.60.96.117:80 79.45.112.220:80 153.133.224.78:80 140.207.113.106:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/01/emotet-c2-rsa-update-06-01-20-1.html 190.163.1.31:8080 190.19.169.69:443 190.144.18.198:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/15/emotet-c2-rsa-update-06-15-20-1.html 121.124.124.40:7080 24.1.189.87:8080 46.105.131.79:8080 186.223.86.132:443 207.255.37.143:80 37.210.166.214:80 75.139.38.211:80 153.126.210.205:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/06/22/emotet-c2-rsa-update-06-22-20-1.html 190.111.215.4:8080 200.83.209.144:80 80.249.176.206:80 173.91.22.41:80 # 
Reference: https://paste.cryptolaemus.com/emotet/2020/06/26/emotet-c2-rsa-update-06-26-20-1.html 46.49.124.53:80 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/06/emotet-c2-rsa-update-07-06-20-1.html 190.108.228.62:443 190.55.233.156:80 178.153.214.228:80 14.99.112.138:80 203.153.216.189:7080 61.19.246.238:443 41.169.20.147:8090 181.164.110.7:80 88.235.222.255:80 212.51.142.238:8080 91.211.88.52:7080 181.120.79.227:80 93.156.165.186:80 108.48.41.69:80 64.88.202.250:80 190.194.242.254:443 200.55.243.138:8080 217.13.106.14:8080 51.38.201.19:7080 81.2.235.111:8080 110.143.151.194:80 222.214.218.37:4143 139.59.60.244:8080 116.203.32.252:8080 186.250.52.226:8080 219.92.13.25:80 181.230.65.232:80 189.218.165.63:80 79.98.24.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/14/emotet-c2-rsa-update-07-14-20-1.html 217.199.160.224:7080 186.70.127.199:8090 137.74.106.111:7080 109.117.53.230:443 109.74.5.95:8080 198.27.69.201:8080 58.153.68.176:80 181.129.96.162:8080 210.165.156.91:80 87.106.231.60:8080 181.134.9.162:80 104.247.221.104:443 95.179.229.244:8080 157.245.99.39:8080 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/20/emotet-c2-rsa-update-07-20-20-1.html 157.7.199.53:8080 124.45.106.173:443 74.207.230.187:8080 201.212.78.182:80 # Reference: https://www.virustotal.com/gui/file/a157a594207a18ada06373850abfce851648ff92ecf590b4539504ccd53c1354/detection 51.68.220.244:8080 # Reference: https://www.virustotal.com/gui/file/7aa1e0b8e78c3e0fd34f19b7398342d98216979a5a1ee19a5b89f83e4ce0fbbf/behavior/Dr.Web%20vxCube # Reference: https://www.virustotal.com/gui/file/1514389b50f6fb2be1712fa470e2b5c9a7455697bc029ca211f944d8d3907228/detection # Reference: https://www.virustotal.com/gui/file/dc4fa229a83ac9689fbbe7494d408c0806a769af5008df4ae6975b9e89a0c35f/behavior/Dr.Web%20vxCube tan-shuai.com/wp-content/9j34284/ raioz.com/img/qngig44/ raybo.net/bemcadd/7307/ avendtla.com/tcuv/pd27/ # Reference: 
https://twitter.com/58_158_177_102/status/1284138503127699458 109.117.53.230:443 tri-comma.com/wp-admin/MmD/ # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ 178.210.171.15:443 190.160.53.126:443 212.51.142.238:443 # Reference: https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/ # Reference: https://app.any.run/tasks/765ea589-8b55-4031-818e-521840513ed2/ http://201.212.78.182 74.207.230.187:8080 # Reference: https://twitter.com/malware_traffic/status/1285664072814538753 124.45.106.173:443 198.144.158.120:443 # Reference: https://paste.cryptolaemus.com/emotet/2020/07/28/emotet-malware-IoCs_07-28-20.html 190.164.75.175:80 212.231.60.98:80 76.27.179.47:80 70.167.215.250:8080 47.153.182.47:80 187.106.41.99:80 88.217.172.65:443 177.37.81.212:443 24.234.133.205:80 181.143.101.19:8080 177.75.143.112:443 78.189.111.208:443 67.225.201.19:8080 23.111.136.190:8080 181.113.229.139:443 195.14.0.12:8080 71.208.216.10:80 192.95.4.184:8080 201.214.108.231:80 209.182.216.177:443 179.60.229.168:443 95.9.185.228:443 212.156.133.218:80 177.73.0.98:443 83.110.223.58:443 24.43.99.75:80 71.50.31.38:80 191.182.6.118:80 144.139.91.187:443 190.163.31.26:80 189.1.185.98:8080 189.146.1.78:443 191.99.160.58:80 105.209.239.55:80 177.74.228.34:80 190.96.118.251:443 24.157.25.203:80 195.159.28.229:7080 # Reference: https://paste.cryptolaemus.com/emotet/2020/08/31/emotet-malware-IoCs_08-31-20.html 58.171.153.81:80 72.135.200.124:80 190.128.173.10:80 157.245.138.101:7080 194.187.133.160:443 188.2.217.94:80 190.136.179.102:80 95.9.180.128:80 137.119.36.33:80 190.225.150.234:80 178.148.55.236:8080 70.121.172.89:80 94.200.114.161:80 24.148.98.177:80 50.81.3.113:80 67.68.210.95:80 85.109.159.61:443 107.161.30.122:8080 206.15.68.237:443 24.135.1.177:80 2.144.244.204:443 200.114.213.233:8080 186.103.141.250:443 45.182.161.17:80 139.162.108.71:8080 86.98.143.163:80 93.147.212.206:80 174.100.27.229:80 210.1.219.238:80 
172.105.78.244:8080 115.78.11.155:80 179.62.238.49:80 118.101.24.148:80 73.213.208.163:80 153.232.188.106:80 173.94.215.84:80 45.173.88.33:80 37.187.100.220:7080 98.109.204.230:80 162.249.220.190:80 219.92.8.17:8080 77.238.212.227:80 190.190.15.20:80 174.45.13.118:80 162.241.242.173:8080 5.79.70.250:8080 209.236.123.42:8080 82.76.111.249:443 87.106.225.180:8080 62.30.7.67:443 222.159.240.58:80 138.97.60.141:7080 190.53.144.120:80 199.203.62.165:80 24.137.76.62:80 216.208.76.186:80 74.109.108.202:80 189.39.32.161:80 220.254.198.228:443 152.169.22.67:80 112.185.64.233:80 197.232.36.108:80 95.216.205.155:8080 185.86.148.68:443 190.190.148.27:8080 174.102.48.180:443 88.217.172.165:8080 89.205.113.80:80 65.36.62.20:80 175.29.183.2:80 81.4.105.175:8080 45.55.82.2:8080 85.66.181.138:80 68.183.233.80:8080 201.235.10.215:80 197.221.158.162:80 190.55.186.229:80 113.203.250.121:443 216.10.40.16:80 181.122.154.240:80 37.70.8.161:80 51.255.40.241:443 198.57.203.63:8080 45.33.77.42:8080 189.2.177.210:443 82.239.200.118:80 181.137.229.1:80 91.121.54.71:8080 60.125.114.64:443 173.81.218.65:80 45.55.36.51:443 67.247.242.247:80 37.52.87.0:80 81.17.93.134:80 68.171.118.7:80 178.250.54.208:8080 103.106.236.83:8080 71.57.180.213:80 120.150.60.189:80 212.174.55.22:443 64.201.88.132:80 213.197.182.158:8080 168.0.97.6:80 174.137.65.18:80 103.80.51.61:8080 187.161.206.24:80 45.16.226.117:443 186.227.146.102:80 189.131.57.131:80 94.23.237.171:443 185.208.226.142:8080 107.5.122.110:80 68.188.112.97:80 159.65.222.75:8080 84.39.182.7:80 177.94.227.143:80 175.139.144.229:8080 110.142.219.51:80 151.236.60.57:8080 139.99.158.11:443 # Reference: https://www.virustotal.com/gui/file/9b5ffb189c00d8a536848736e9cba2d4a71f8fba6f97d11867d677886b4a23e4/detection http://47.146.117.214 # Reference: https://www.virustotal.com/gui/domain/foroanticorrupcion.sytes.net/relations foroanticorrupcion.sytes.net # Reference: 
https://www.virustotal.com/gui/file/6bdcbed80061d3b58f17759a2b932809c060a9a8b399dc92ee658ec5efd2d000/detection # Reference: https://www.virustotal.com/gui/domain/deactivate.pw/relations deactivate.best deactivate.pw # Reference: https://twitter.com/malware_traffic/status/1291168989108998146 204.197.146.48:80 # Reference: https://twitter.com/satontonton/status/1291723797528076290 # Reference: https://app.any.run/tasks/eb656a74-c0ba-4811-98e1-38a8cefaa70f/ http://47.146.32.175 # NOTE(review): 216.239.32.21 and 216.239.34.21 in the next two groups look like Google shared-hosting front ends that many unrelated sites resolve to - TODO confirm against the referenced reports; a match on IP and port alone is weak evidence and will produce benign hits. # Reference: https://www.virustotal.com/gui/file/50d58ca2623e7fbbe3265bd78640c81fc3cb01a146c5630f656a18fc27e93c5e/detection 185.45.193.62:8080 216.239.32.21:443 # Reference: https://www.virustotal.com/gui/file/62fe71ddde725e4599889009d466a79b0de683d98a8490979b357732c18b79c6/detection 216.239.34.21:443 # Reference: https://www.virustotal.com/gui/file/7ece6173931237b004f4d24c8bd5ff5808a310f35fd6e630d04272f1e1f4c30e/detection http://24.249.135.121 # Reference: https://www.virustotal.com/gui/file/7c430fa3421e2ea8b9013a4b2d488c721f01245a353a6e93c9f57a99b99a1324/detection http://198.57.203.63 http://78.189.60.109 # Reference: https://app.any.run/tasks/7e3113be-372a-40f7-9cde-6f32fa94d03a/ http://74.120.55.163 # Reference: https://twitter.com/papa_anniekey/status/1293103714136281095 focus123.mycpanel.rs # Reference: https://app.any.run/tasks/412a6dce-5520-4e9e-8254-d42c0fff1bd2/ http://95.9.180.128 # Reference: https://app.any.run/tasks/13508623-0e52-4928-b905-46dc7a7ae037/ http://92.24.51.238 139.99.157.213:8080 # Reference: https://pastebin.com/raw/BPTTq6GH 107.185.211.16:80 96.8.113.4:8080 153.126.210.205:7080 47.146.117.214:80 104.131.44.150:8080 169.239.182.217:8080 95.179.229.244:8080 209.182.216.177:443 209.141.54.221:8080 5.196.74.210:8080 72.12.127.184:443 104.131.11.150:443 200.55.243.138:8080 116.203.32.252:8080 142.105.151.124:443 81.2.235.111:8080 74.120.55.163:80 167.86.90.214:8080 87.106.139.101:8080 37.139.21.175:8080 189.212.199.126:443 103.86.49.11:8080 203.153.216.189:7080 
181.211.11.242:80 37.187.72.193:8080 41.60.200.34:80 139.130.242.43:80 181.230.116.163:80 109.74.5.95:8080 121.124.124.40:7080 114.146.222.200:80 157.245.99.39:8080 76.27.179.47:80 62.138.26.28:8080 24.43.99.75:80 93.51.50.171:8080 157.147.76.151:80 83.110.223.58:443 46.105.131.79:8080 119.198.40.179:80 79.98.24.39:8080 176.111.60.55:8080 190.160.53.126:80 183.101.175.193:80 104.236.246.93:8080 5.39.91.110:7080 74.208.45.104:8080 24.179.13.119:80 78.24.219.147:8080 50.116.86.205:8080 200.41.121.90:80 190.55.181.54:443 201.173.217.124:443 85.152.162.105:80 137.59.187.107:8080 152.168.248.128:443 95.213.236.64:8080 222.214.218.37:4143 47.146.32.175:80 110.145.77.103:80 70.167.215.250:8080 173.62.217.22:443 47.144.21.12:443 165.165.171.160:8080 62.75.141.82:80 47.153.182.47:80 87.106.136.232:8080 113.160.130.116:8443 185.94.252.104:443 168.235.67.138:7080 91.211.88.52:7080 204.197.146.48:80 180.92.239.110:8080 61.19.246.238:443 139.59.60.244:8080 # Reference: https://app.any.run/tasks/0a4c6780-43d1-4f2d-bc61-e2c74d604fc7/ http://174.102.48.180 # Reference: https://app.any.run/tasks/f8998e16-9781-4289-bd0f-fc346107935c/ http://176.216.226.44 # Reference: https://www.virustotal.com/gui/file/2cc2799a0f649e3f0d8bbfccd7f693a37a5a8def9094ae3f686169513d1d9ea7/detection 159.203.232.29:8080 # Reference: https://pastebin.com/raw/FUr39rYd 109.116.214.124:443 114.173.201.110:80 176.216.226.44:80 177.32.8.85:80 188.83.220.2:443 190.212.140.6:80 192.210.135.126:8080 197.83.232.19:80 201.213.177.139:80 203.117.253.142:80 207.144.103.227:80 212.93.117.170:80 24.233.112.152:80 51.75.33.120:8080 66.61.94.36:80 67.205.85.243:8080 69.30.203.214:8080 83.169.36.251:8080 85.105.140.135:443 88.217.172.164:443 91.222.77.105:80 97.82.79.83:80 # Reference: https://www.virustotal.com/gui/file/97095bd460f1f5204b572cd269f8c3a3e7e73302bcbaac05b3c0b106e2342f47/detection 201.171.150.41:443 219.240.39.215:443 81.198.69.61:80 94.76.247.61:8080 # Reference: 
https://www.virustotal.com/gui/file/e221dda5e172df72a7b9b605d2ffff5043219a3980adb5102825ee97e75ff423/detection 213.176.36.147:8080 # Reference: https://www.virustotal.com/gui/file/79fe6e1db7b6d43c9d290ccbfcc0d81127d7d366451e5c04c09980ffd352e388/detection http://47.146.32.175 # Reference: https://www.virustotal.com/gui/file/3813928dd0bac12320f38a077ff89695a08c2b334b3d57fd37130ae2040b3842/detection http://24.233.112.152 # Reference: https://app.any.run/tasks/ca298aef-0237-4f4c-9d4c-16e9ffa8d995/ http://186.109.104.67 # Reference: https://app.any.run/tasks/33208f2a-b475-4c87-a901-2c5ffc9931a1/ http://45.173.88.33 # Reference: https://app.any.run/tasks/dc65776b-ff73-45ee-89c4-34189aaafe80/ http://182.176.95.147 172.96.190.154:8080 # Reference: https://app.any.run/tasks/4ba4ab9b-664c-4817-b84b-a51f891637af/ http://82.163.245.38 # Reference: https://app.any.run/tasks/91f5641c-18d1-42b1-ba94-57a3aab3241b/ 116.202.234.183:8080 # Reference: https://app.any.run/tasks/0b1c53d6-f7a2-4d10-964d-2d416abf2537/ http://162.249.220.190 # Reference: https://www.virustotal.com/gui/file/3eea9f7afe639ed32775963d6fae0261bd31b0927a8d21eb9cbcaadfe7633ae4/detection poonamjoshi.com # Reference: https://twitter.com/papa_anniekey/status/1289005683581435904 microclan.com # Reference: https://app.any.run/tasks/9bc263f3-d30b-466c-9a9f-95121bd5606d/ http://94.49.254.194 # Reference: https://twitter.com/Jan0fficial/status/1297864705504092161 mj-web.dk # Reference: https://twitter.com/Circuitous__/status/1298324692214919170 smileplz.com # Reference: https://twitter.com/yungmay0/status/1298374886499508225 # Reference: https://app.any.run/tasks/6f234b9c-35dd-4659-be3c-f6ee6a6b1567/ pelayoacctg.org.ph quanticaelectronics.com # Reference: https://app.any.run/tasks/3f4cb411-b57f-4535-bf97-0123144a4081/ http://107.5.122.110 45.55.219.163:443 # Reference: https://app.any.run/tasks/7111f9b9-5357-4a91-850c-3471d257a016/ 65.156.53.186:8080 # Reference: 
https://app.any.run/tasks/191b2189-4ab8-4085-a457-2b1e2aaf3dbc/ 71.197.211.156:80 # Reference: https://github.com/pan-unit42/tweets/blob/master/2020-08-25-IOCs-for-Emotet-with-Trickbot.txt 185.81.158.15:8080 grzegorzkucharski.com karaz-sd.com king61tours.com # Reference: https://twitter.com/seguridadyredes/status/1298903561724669952 http://176.10.250.88 # Reference: https://app.any.run/tasks/0c98e26c-ad79-46e3-b603-cd4f36470c69/ http://98.13.75.196 # Reference: https://pastebin.com/raw/QUeZ8m10 112.78.142.170:80 134.209.193.138:443 162.144.42.60:8080 172.91.208.86:80 184.66.18.83:80 188.219.31.12:80 190.96.15.50:80 207.144.103.227:80 212.93.117.170:80 217.199.160.224:8080 24.26.151.3:80 37.205.9.252:7080 54.38.143.245:8080 65.156.53.186:8080 72.167.223.217:8080 73.116.193.136:80 78.189.60.109:443 86.57.216.23:80 91.75.75.46:80 93.51.50.171:8080 98.13.75.196:80 # Reference: https://blog.talosintelligence.com/2020/08/threat-roundup-0821-0827.html (# Doc.Downloader.Emotet-9412146-0) abcofcricket.com reliancectg.com # Reference: https://www.virustotal.com/gui/file/b59c25c29ded7dad9f0015a8ae0101c845220fc92ac6e0ecbc1c4ceaed70ac18/detection http://173.94.215.84 # Reference: https://twitter.com/Cryptolaemus1/status/1300488497376243712 142.44.137.67:443 # Reference: https://app.any.run/tasks/d9a26e5e-6940-4e71-9c3b-670395fcbe7d/ http://210.1.219.238 # Reference: https://www.virustotal.com/gui/file/05d96fd627d3c6cc52fa1932fd991c983589c0c9acabdac750639eb415203d46/detection 5.56.132.177:8080 93.115.23.115:8080 # Reference: https://app.any.run/tasks/95575a4a-0aeb-49ba-8fa3-149302fde1d9/ http://118.2.218.1 # NOTE(review): the next few groups mix two broad entry shapes: a host plus a stock WordPress directory (/wp-includes/, /wp-admin/), which would also match ordinary requests to that site, and bare paths with no host, which presumably match on any host - TODO confirm how the consumer applies host-less paths, and expect benign hits from both. # Reference: https://app.any.run/tasks/27d34ee4-c459-4580-8616-e0fc34a7ddff/ tomssteakhouse.com/wp-includes/ /BWQwW/ # Reference: https://app.any.run/tasks/d57d3def-5cb3-443a-a27d-08fdb95276a3/ qstride.com/img/0/ /FrbJX7FPH/ /HxFvQLG60ICjqj/ # Reference: https://app.any.run/tasks/48ffbd45-913c-4998-9830-ed73775f6e3d/ vidriodecoracion.com/wp-admin/ vanbrast.com/bleech/ 
/CC2BJDZl0/ /x6KkTJVFA/ /4oy05GSOX/ # Reference: https://app.any.run/tasks/c600b9fd-e9ed-476b-9882-2a396f839313/ vuatritue.com/wp-admin/ /2sRxZP6U/ # Reference: https://app.any.run/tasks/44089aba-65fe-4bb7-a42d-2e4fb6ae3861/ # Reference: https://tria.ge/200828-g57747h5fn/behavioral1 sitecgps.com # Reference: https://twitter.com/James_inthe_box/status/1305445833903546369 # Reference: https://app.any.run/tasks/777df841-2292-45e7-aff2-9e37ac1e1c25/ http://50.91.114.38 # Reference: https://paste.cryptolaemus.com/emotet/2020/09/15/emotet-malware-IoCs_09-15-20.html 36.91.44.183:80 180.26.62.115:443 45.46.37.97:80 182.253.83.234:7080 113.156.82.32:80 185.183.16.47:80 134.209.36.254:8080 79.137.83.50:443 41.212.89.128:80 113.160.248.110:80 82.118.225.196:7080 220.147.247.145:80 41.84.243.145:80 68.69.155.181:80 115.176.16.221:80 126.126.139.26:443 219.94.242.134:8080 195.251.213.56:80 159.65.140.182:80 118.163.97.19:8080 8.4.9.137:8080 92.24.50.153:80 58.27.215.3:8080 111.67.77.202:8080 104.156.59.7:8080 38.88.126.202:8080 202.188.218.82:80 94.23.216.33:80 219.74.18.66:443 50.121.220.50:80 61.92.17.12:80 202.153.220.157:80 185.178.10.77:80 78.47.87.196:8080 190.101.48.116:80 167.71.227.113:8080 216.47.196.104:80 5.189.182.214:8080 110.5.16.198:80 200.120.241.238:80 82.80.155.43:80 190.85.46.52:7080 54.38.143.246:7080 54.37.42.48:8080 220.109.145.69:80 49.243.9.118:80 156.155.166.221:80 51.38.237.230:8080 187.189.66.200:8080 62.210.90.75:443 181.169.34.190:80 50.91.114.38:80 45.177.120.37:8080 167.114.122.37:80 82.225.49.121:80 75.80.124.4:80 189.160.188.97:80 67.121.104.51:20 116.202.10.123:8080 103.229.73.17:8080 124.41.215.226:80 145.239.169.32:7080 103.80.51.122:8080 5.39.79.163:7080 117.247.235.44:80 82.230.1.24:80 162.214.68.171:8080 121.7.127.163:80 144.91.127.82:8080 89.216.122.92:80 145.239.64.167:8081 96.227.52.8:443 45.230.228.26:443 182.227.240.189:443 96.245.123.149:80 213.196.135.145:80 45.79.16.230:7080 74.136.144.133:80 61.197.92.216:80 88.247.58.26:80 
113.193.239.51:443 2.144.244.204:80 155.186.0.121:80 78.187.156.31:80 80.200.62.81:20 190.194.12.132:80 138.201.45.2:8080 74.58.215.226:80 77.106.157.34:8080 51.38.124.206:80 139.59.67.118:443 74.134.41.124:80 42.200.107.142:80 51.89.139.219:8081 76.18.16.210:80 181.95.133.104:80 120.51.34.254:80 89.248.250.44:8080 223.133.20.171:80 128.106.187.110:80 119.92.77.17:80 79.133.6.236:8080 185.215.227.107:443 223.17.215.76:80 5.189.178.202:8080 37.210.220.95:80 80.86.81.31:4143 153.177.101.120:443 103.48.68.173:80 220.245.198.194:80 202.166.170.43:80 221.184.46.216:80 140.186.212.146:80 78.249.119.122:80 78.114.175.216:80 120.138.30.150:8080 104.236.168.190:7080 95.215.46.191:8080 94.1.108.190:443 103.133.66.57:443 37.48.84.223:8080 189.150.209.206:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-09-25.txt 104.131.103.37:8080 104.131.41.185:8080 110.142.219.51:80 111.67.12.221:8080 111.67.77.202:8080 114.158.45.53:80 12.162.84.2:8080 137.74.106.111:7080 138.97.60.141:7080 152.169.22.67:80 155.186.0.121:80 170.81.48.2:80 172.104.169.32:8080 174.113.69.136:80 177.73.0.98:443 177.74.228.34:80 178.250.54.208:8080 181.129.96.162:8080 181.30.61.163:443 184.66.18.83:80 185.178.10.77:80 185.183.16.47:80 185.215.227.107:443 185.94.252.12:80 185.94.252.27:443 186.103.141.250:443 186.70.127.199:8090 187.162.248.237:80 188.135.15.49:80 189.2.177.210:443 190.115.18.139:8080 190.147.137.153:443 190.163.31.26:80 190.190.148.27:8080 190.195.129.227:8090 190.2.31.172:80 190.24.243.186:80 190.6.193.152:8080 191.182.6.118:80 192.241.143.52:8080 192.241.146.84:8080 199.203.62.165:80 2.47.112.152:80 204.225.249.100:7080 209.236.123.42:8080 212.71.237.140:8080 213.197.182.158:8080 216.47.196.104:80 217.13.106.14:8080 217.199.160.224:7080 219.92.13.25:80 220.109.145.69:80 38.88.126.202:8080 45.16.226.117:443 45.161.242.102:80 45.33.77.42:8080 45.46.37.97:80 5.189.178.202:8080 5.196.35.138:7080 50.121.220.50:80 50.28.51.143:8080 51.159.23.217:443 
51.255.165.160:8080 51.38.124.206:80 54.37.42.48:8080 61.197.92.216:80 61.92.159.208:8080 64.201.88.132:80 65.36.62.20:80 67.247.242.247:80 68.183.170.114:8080 68.183.190.199:8080 68.69.155.181:80 70.32.115.157:8080 70.32.84.74:8080 72.47.248.48:7080 73.213.208.163:80 74.136.144.133:80 74.58.215.226:80 77.106.157.34:8080 77.238.212.227:80 77.90.136.129:8080 78.249.119.122:80 80.11.164.185:80 82.196.15.205:8080 82.230.1.24:80 82.76.111.249:443 83.169.21.32:7080 87.106.46.107:8080 92.24.50.153:80 94.176.234.118:443 95.9.180.128:80 96.227.52.8:443 96.245.123.149:80 98.13.75.196:80 # Reference: https://github.com/MBThreatIntel/malspam/blob/master/Emotet_2020-10-14.txt newcarturkiye.com/wp-admin/Sbp/ hbmonte.com/wp-content/wer/ thewakestudio.com/wp-admin/3D/ formedbyme.com/wp-content/3e/ lilianwmina.com/wp-includes/Y/ partners.ripplealpha.com/data/ultimatemember/L/ unitedway.giving.agency/sys-cache/XnT/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 0931tangfc.com/images/eTrac/vmaYsYjxcGyLiXUd/ arquivopop.com.br/index_htm_files/D9GIZL0JPRV/2ak4jCRkru/ pulseti.com/arq/LLC/nf3Otsnzwl/ s165469.gridserver.com/2e4e/DOC/v4Ni8lfQic188UKvrV/ weblabor.com.br/avisos/lm/qjQdnNiipH2ePqaY8c/ admin.creciendoconelarcoiris.com/contato/Documentation/O3b3OxuKOsHx7hOCuF/ katthus.site/wp-admin/INC/Wg7iIDE77Q9HKsEdjYH6/ redpandazine.com/rjHumTUCZD/attachments/TJwYOgSjOxaFMXTgZk3/ registro.creciendoconelarcoiris.com/lab-supplier/paclm/cigsGO51PCwBR/ thetastrike.club/monitor/Reporting/2xxcosaiQm/ vesinhlinhanh.vn/zybo-z7/public/uXHtKU6YnwmtjAcz/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 3000khoahoc.com/data/Scan/6ahj2xzdg1c/q3ky24bjkzcj2r3blfksen3/ account.scopemedia.com/revision/payment/ acropol-eg.com/www.acropol-eg.com/Overview/ ajwaalmosafer.com/sys-cache/lm/pipnq2lw33/ al3akarat.com/sys-cache/INC/qtymdpa/ amrsyd.com.au/cgi-bin/Documentation/x3lwxecjvkp/ amruthacollegeofeducation.com/css/payment/a1zi5536tf7n/eu4lfqyuym37gs/ 
arian21.com/alfacgiapi/eTrac/omeqgl2aq6hb/ assecon.com.br/novoassecon/INC/n5yi6u/ atelierpinkcity.com/wp-content/7hfl1ur9wt/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ blizloaded.com/wp-admin/network/report/qfepmhl/ cafehomes.vn/wp-content/Documentation/lv46jsk/ caipa.net.cn/docs/ caipa.net.cn/TN/sites/1dvfcd42/dxkp91i027qbecny5eizt0jxz2ucoi/ constructoraalpes.com/owl/Overview/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ cursoscaballeros.giving.agency/sys-cache/parts_service/mvvm4m3b1c8/ dagostim.com.br/fill/lm/jfb9ag79u/22lfpp5sekowuy8yme1/ ddazzlediamonds.com/advertisel/Documentation/ ecolushlanka.com/wp-admin/swift/c2clivwye63/ edduteayuda.com.co/sys-cache/sites/unw89lh/ f24.victor-studio.com.tw/wp-admin/public/mbvkcbg/ fabdraft.com/wp-admin/INC/5eoc0fadj1j1/ fleshupdate.com/wp-admin/F0xAutoConfig/public/ foodhanoi.net/wp-admin/swift/s70o7ewtgdxr9qar7cpi68oc/ gaialacticos.com/wp-content/payment/ gblcleanercanada.com/homemade-lash/01328/i21wld87/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ jietuo66.com/wordpress/Overview/q5yx2v/ joininfo.ca/articleprint/paclm/2muql8fi/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/\/ lp.app4you.app.br/wp-admin/02/2s0u94athcx7/90jqr1opf/ merkadito.mx/upload/OCT/ nengjiankang.com/wp-admin/payment/bq02xr1fpjor/t4m5sfqj3pcjqze0j69qw1d3imf5lg/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ phaneedepool.com/wp-admin/invoice/ phonestore-telephonie.fr/wp-admin/public/sue67m/ portugal.scyla.com.br/redirect2/FILE/1pc1k1k89mlkp/ 
premier-h.com/simulate-logistic/OCT/ project-streams.eu/wp-admin/mqkjk8zv/ projects.bigprint.pictures/cgi-bin/public/pzx10o27/0fprs9c/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ qpcpym.com/ErrorFiles/Reporting/60i5dt9zv/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ randradeseguros.com.br/produtos/esp/vyh32iy3g2fa5jcmt9zkqqm/ rossinglish.com/inverter-repair/browse/gwc4o8/ s171184.gridserver.com/poll_success/Overview/ santoferragens.app4you.app.br/wp-admin/swift/ shenji.victor-studio.com.tw/wp-admin/attachments/91q66l6/ sherif-hammad.com/wp-includes/Scan/uwze9ca1t/ shop.scyla.com.br/wp-includes/esp/uqvl95sehq7p7w/ srno.hu/sys-cache/report/sv98lyo4q/4s5045m4kd/ sulematravel.es/wp-includes/paclm/ sunrisejanitorial.ca/assets/statement/ switch2cloud.net/wp-admin/balance/ teesvalleywashrooms.co.uk/ALFA_DATA/report/ thebeauticianofficial.com/sys-cache/paclm/ thedigitalsquad.net/sitemap/attachments/412tmhd4/ thehotelelevate.com/cgi-bin/Documentation/gtfh86im642/lj4zbliyn52t2/ thenewschef.com/wp-content/06fi03s6qe8oi3941c2yh119fzzpk7/ thientam.online/wp-admin/Scan/ tunimatec.com.tn/Document/esp/ upload.3000khoahoc.com/temp/balance/achxpcbh8w0p/j8vw36gerbcsmsy/ upload.thuviendata.com/2020-02/ptpgzydx057y/ vilong.us/sys-cache/balance/u5s3/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ ffval.hr/wp-content/statement/ womenup.cz/wp-includes/FILE/ xnk.jbzie.com/wp-admin/public/ 1stcombs.suffolkscouts.org.uk/cgi-bin/browse/ 45gradi.com/awstats-icon/OCT/5isfj61s/ b2bcom.com.br/site/Document/7h7vt4faff/qh1twu66o573mejk/ beletage-berlin.de/how-to/rgrjpl6yqvl1/vp9lg8lwow/ bigfesta.app4you.app.br/wp-admin/statement/ biggboss14show.net/wp-includes/paclm/ blizloaded.com/wp-admin/network/report/qfepmhl/ blog.iymazon.com/wp-content/334214278238924/2tu/ chinadarocha.app4you.app.br/wp-admin/Scan/ciqujxfc8e/ columbiasaude.com.br/sys-cache/INC/5r2ics0dgwv1n43zgmrpwbo/ cplt20live.com/wp-includes/Text/Diff/payment/ creciendoconelarcoiris.com/wp-content/uploads/dsufiymq/ 
ddazzlediamonds.com/advertisel/Documentation/ digitalscholarbd.com/zs/esp/7qar1o17w/ finally-con.com/sys-cache/attachments/mweke849y4y/zc6xt80o6awna5pi5a3ra5mtvi/ gaialacticos.com/wp-content/payment/ hanedu.vn/wp-includes/px2fs1/ hhdcoop.com/online-surveys/Scan/3oq6bsiu/idbbhm437sqsckv4kjkl/ homewatchamelia.com/wp-admin/docs/ hy-api.cn/ceo-retirement/payment/ imasurvivor.co/sys-cache/mq6gqof5/ldhs0b1dt4u9a6uo2x3rc572x0xsn/ informacion.creciendoconelarcoiris.com/wp-content/uploads/payment/qogke1c2uoe4/ j84.me/wp-admin/Reporting/ koreashop24.com/email/Documentation/mfzm49xudxjjikq8kml9c2ta84j6s2/ lachaloupe.net/wp-admin/OCT/ leads.afrus.app/sys-cache/Document/8ozykvzu/3nrvisj8b4bs/ librosporfavor.com/wp-content/swift/uid5bmt/547jbnw6kkyl6m2f/ liubaozi.cn/wordpress/sites/txbp5jf5wvfa08bt/ longshushu.com/invoice/nw2nk3jpj23/ margaash.us/sys-cache/DOC/0u9thggdtv/1zn69dp08z987/ modelo-delivery.app4you.app.br/wp-admin/yi8alm/ newdimension.co.th/wp-admin/statement/0yun1pqrev1cplh8bqi820fi/ oel-magazin.de/wp-includes/paclm/ passoapasso.giving.agency/sys-cache/browse/6jgwwg7kmhw/8acjsx5sd7rdjp/ paymentsconsole.giving.agency/sys-cache/attachments/nj1kk6rrtrpdrh5o5faz9of854z/ pelavo.pl/wp-admin/attachments/ phamxuanquynh.com/wp-content/report/nuec7hz/ promembership.co/wp-content/swift/nnezyzsfeg/p8rtn3l7lhnfillp/ rahimi-clinic.com/wp-admin/esp/dpa72hv4g7t/t0kr24hc/ repuscolombia.com/presupuestos/DOC/ resilientfutures.com/wp-content/k290eennf1/ santoferragens.app4you.app.br/wp-admin/swift/ selerakampung.com/wp-admin/Documentation/d8gqui/ skenglish.com/wp-admin/statement/ stevegates.co/free-low/attachments/ruokgkmy6v1uj3/ sulematravel.es/wp-includes/paclm/ tcamexpo.com/wp-content/parts_service/msql9lpdtsv3/ toy-house.pk/sys-cache/DOC/5s5eis2d/69fd5dr6k/ vilong.us/sys-cache/balance/u5s3/ vinhomesq9.vn/sys-cache/492874195037797/ w-maassltd.co.uk/sys-cache/LLC/zenx05r/ webturf263.com/wp-content/eTrac/1zdnklmh9tcx017cd/ lvl.com.br/wp-admin/INC/lr9pldlk3kv/ 
tianhengdaojituan.com/wp-includes/sites/ zhengtiankai.com/wp-content/public/gblpdj3y0y3a/y6iai/ zirrimarra.eus/wp-content/Documentation/svz0w6/ # Reference: https://twitter.com/Cryptolaemus1/status/1316730653044600833 financiamentointeligente.com/wp-content/Fj/ removepctrojan.com/wp-admin/6/ aahnaturals.net/wp-includes/TX/ sff3d.com/3d/xk/ engineering-2s.com/SS_Paypal/X/ lsmanga.com/migration/FaU/ beta.zoneberry.com/bysyswexecf/x3/ # Reference: https://twitter.com/Cryptolaemus1/status/1316751913774444546 # Reference: https://twitter.com/Cryptolaemus1/status/1316751914328096770 imenbartariran.com/wp-admin/CZ/ duberysunglass.com/img/A/ icilimoges.com/wp-includes/Ym/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ events.medialogic.cloud/blazor-preventdefault/r8W/ inspira-psicologia.com/css/F/ sheriaspace.com/wp-admin/R/ # Reference: https://twitter.com/Cryptolaemus1/status/1316759252371988480 happyseedscharity.com/wp-includes/EgjM/ ecolands.info/wp-includes/LZ7O0h/ liguendembo.com/wp-includes/DeAM6hn/ xiaolechen.com/pollinodial/5lTy0/ mallowsvirtualcreatives.com/wp-content/2pw1/ rfcrfc.com/wp-admin/oZ/ bbs.rfcrfc.com/api/V/ # Reference: https://twitter.com/Cryptolaemus1/status/1316779526404427777 jrvservices.com.br/JRV_ANTIGO/d0cNATaKxy/ aqfsistemas.com.br/manufacturerl/hA/ paramythou.gr/wp-includes/jmoG/ foxfire.ph/wp-admin/YQW/ novaes.com.br/files/uZK/ excelenceimoveis.com.br/wp-includes/k/ equipamentosmix.com/10/aK99ApiT/ # Reference: https://twitter.com/bomccss/status/1316998263094996992 # Reference: https://twitter.com/Cryptolaemus1/status/1316992711904399360 # Reference: https://twitter.com/Cryptolaemus1/status/1316985594694766593 # Reference: https://app.any.run/tasks/dfefe288-fc49-4d40-b00a-f517363910bc/ divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ geosrt.com/atrabiliary/yfH/ dmtland.com/wp-admin/4k/ zero-finance.com/wp-content/6sa/ myseedology.com/cgi-bin/7GzFsT/ 
foulgerteam.com/foulgerteam.com/i/ amicusdh.org/coaid/0g/ charlesze.com/content/z0lGKS/ tiktokvapes.com/wp-admin/xL/ blackstonetutors-onlineportal.com/wp-includes/fm/ bachhoanhale.com/wordpress/I/ invaluablearts.com/6sn1f/t/ mycollegecp.com/content/kRL/ tatilburdur.com/scutum/KV/ pgiso.com/wp-admin/mCQ/ # Reference: https://twitter.com/Cryptolaemus1/status/1317042881517977600 divemed-tech.com/will-a/gjzE/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ bazarkotulpur.com/wp-content/0tu/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ studyguidewithlakshmi.com/directory/v982c9VH5c/ pandebaik.com/_vti_bin/Y/ agroproindia.com/cgi-bin/95r09UGlIj/ # Reference: https://twitter.com/Cryptolaemus1/status/1317053813132546048 vuatritue.com/wp-admin/Ux/ shraddhacarrentalindore.com/wp-includes/M/ fortunelabels.com/test/SZ/ p4uclasses.com/wp-content/G/ tanger-soft.com/does-leaving/Kig/ pxid360.com/wp-admin/PN/ childselect.com/cgi-bin/y/ # Reference: https://twitter.com/Cryptolaemus1/status/1317061556958646272 dodungphongtam.com/content/GZ5Mk/ symbiosis-consulting.com/blogs/FVX8XRa/ getquicksafaris.com/wp-content/nJtvlV9ha/ sakhilalleather.com/wp-admin/t7GkPP4/ metodotrcd.com/wp/d/ borjboland.com/wp-admin/pH/ rangpurbarassociation.com/cgi-bin/2BdjrjymS/ # Reference: https://twitter.com/Cryptolaemus1/status/1317082747186434048 safeabortionrx.com/ext/XII/ brightcdr.com/wp-content/LNTELiq/ cavancart.com/staticmap/WR/ homeabortionpillsrx.com/ext/N6SKd/ portal.digitalcompass.com/Styles/deeB/ apidocs.dcdial.com/wp-includes/H/ 360www.ca/content/2/ # Reference: https://twitter.com/Cryptolaemus1/status/1317097518711377923 paganwitch.com/wp-admin/0pd/ creationskateboards.com/shred/H/ gtech.thngo58.com/wp-includes/9zo/ dlhagency.com/cgi-bin/8z/ drwalidabdelgaffar.com/dentalia/lL/ rtjandxly.online/wp-content/kir/ bnmintl.com/cgi-bin/Ibu/ # Reference: https://twitter.com/Cryptolaemus1/status/1317112136636731392 iei7.com/wp-admin/5ShKLn/ right2liferx.com/admin/AcgEH/ poppylon.com/wp-admin/E22zho/ 
personaltrainersindia.com/fonts/Q55X/ eldahwa.com/9th-grade/F2Kw/ meeak.com/wp-admin/lcJ/ prabhatcycles.com/prabhatcycles/U1i7/ housetutor.wasseela.com/x2ekf/tMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1317176477734047745 thehouseofpeace.org/cgi-bin/NZdfyylt/ wayfinancial.ca/wp-content/3H9P2P9qn/ tola.ae/docs/t/ bms-guisborough.co.uk/wp-admin/nIdNw7fA/ ardos.com.br/simulador/hpWciv1B/ andrycarias.com/grupo-desafio.com/EZ2w/ solidrockwesleyan.ca/wp-includes/WeqhX7hE/ # Reference: https://twitter.com/Cryptolaemus1/status/1317227929072533504 storagelookup.com/wp-admin/5pmuuxWKoN/ flowerdeliverypasadena.com/wp-content/J8tPsVAF4/ concrecasa.cl/wp-admin/RUQ87/ atrocity.de/blogs/iRB9/ svi.bo/wp-content/5CX8zlve/ gosbooking.com/wp-admin/ej5/ dummyestudio.com/wp-content/bP/ # Reference: https://twitter.com/Cryptolaemus1/status/1317238025701724160 wiwildcare.org/wp-includes/Ri/ gyandarbar.com/EDU/wBubLrB/ giannaspsychicstudio.com/cgi-bin/AAHr/ berkeywaterfilterplus.com/wp-admin/A/ myanmarlegalservices.com/wp-admin/87M/ bestgunsafety.com/wp-admin/u23zKk2/ mantenanews.com/wp-content/G/ liciousbbl.com/wp-includes/5k8n/ # Reference: https://twitter.com/Cryptolaemus1/status/1317354642494410753 fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ # Reference: https://twitter.com/VirITeXplorer/status/1318095610537443328 tahirsylaj.com/error/UpDueJ/ bestoffershop.com/wp-admin/k/ wintekelevators.com/wp-content/xExD/ supplementhouse.net/wp-content/HXLS7K/ solddolls.com/cgi-bin/xwoLV/ fumigacionesmac.com/wp-includes/je/ excellence4u.com/wp-snapshots/brAvtr/ balancingelephants.com/wp-content/kH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318118172285947904 geoportal.rivasciudad.es/wp-includes/MD/ 
baltische-rundschau.eu/wp-content/uploads/2pj7/ leboutique-store.com/wp/dOs/ bespokebysumitgrover.com/wp-includes/mwYw/ rajania.com/cummins-engine/nPd/ aabeds.com/jtdla2131/Y/ svi.bo/wp-content/NIEP3/ podzalog39.ru/podzalogOLD/n/ # Reference: https://app.any.run/tasks/de25cba4-817b-4931-b20d-95f180fe5c0c/ travelsportrepeat.com/wp-content/0/ wemusthaveit.com/freeze-columns/KQiSFq7/ tuhishair.com/blog/g3H/ entout.co.uk/wp-includes/wdh/ blog.artemisaritim.com/accuracy-of/z/ ad-avenue.net/-/MH6/ wintekelevators.com/avast-premium/S6/ # Reference: https://twitter.com/Cryptolaemus1/status/1318122399079014400 tonolledo.com/docs/R6/ jegsnet.com/wp-content/J/ melrosebeautycenter.com/windows-10/MM/ blog.gadzoom.net/wp-includes/g0/ gtech.thngo58.com/zwift-level/xnH/ hbrpatel.com/wp-content/amT/ indiastartup360.com/wp-admin/Cm/ # Reference: https://twitter.com/abel1ma/status/1318130996332564482 # Reference: https://app.any.run/tasks/12a094d8-1806-4349-a485-8e3ea950f0f6/ tudorinvest.com/wp-admin/rGtnUb5f/ dp-womenbasket.com/wp-admin/Li/ stylefix.co/guillotine-cross/CTRNOQ/ # Reference: https://twitter.com/VirITeXplorer/status/1318138248783450115 ardos.com.br/simulador/bPNx/ drtheurelplasticsurgery.com/generalo/rhrhflv92/ bodyinnovation.co.za/wp-content/2ssHvi/ nomadco.es/wp-admin/MvwVHCG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318189858989420545 stech.com.np/wp-admin/U/ worlddatapro.com/flama-condensed/2fPei5/ bluedemonlodge.com/wp-content/yBvR7Tw/ laindianrestaurants.com/wp-includes/B3pPZIas/ daogou.icu/wp-admin/kyJ4pA/ wisdomapologetics.com/neje-master/KM/ fotomax.fr/cgi-bin/dm/ # Reference: https://twitter.com/Cryptolaemus1/status/1318230428868874243 guarany.net/zefiro/K/ yanlipin.net/wp-admin/Q/ aanshtravels.com/_notes/JLM/ tcamexpo.com/wp-content/c/ easihacks.com/wp-includes/d/ cosyshe.com/wp-includes/A41/ goodpriceshoes.com/wp-includes/0Ko/ # Reference: https://twitter.com/Cryptolaemus1/status/1318269256295981056 onepalate.biz/wp/YuUcpzM/ 
webdachieu.com/wp-admin/J/ smallbatchliving.com/wp-admin/uccE/ richellemarie.com/wp-admin/xlTWW/ richelleshadoan.com/wp-admin/Ucrkcvp/ holonchile.cl/purelove/Y4/ a2zarchitect.com/wp-admin/LAs0P/ raumfuerneues.eu/error/AuTiH/ # Reference: https://twitter.com/Cryptolaemus1/status/1318286786494402562 yixuecourse.com/wp-includes/wE/ estylohouse.com/pms/application/language/e/ 77wins.club/wp-content/4y/ layagroup.net/wp-admin/5h/ zionimmigration.com/scss/bHd/ vivoslotpulsa.com/wp-content/1/ wizzdomhub.com/wp-content/IZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1318425528760750082 vidadohomem.com/wp-content/Eu/ virtual-event-service.com/assets/tW/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ rovonize.com/email.rovonize.com.rovonize.com/M/ mahfuzur32785.com/identify-the/IM/ africafoodworld.com/wp-admin/WD/ bloglamtinh.com/wp-admin/N/ # Reference: https://twitter.com/Cryptolaemus1/status/1318468646134571009 wodsuit.com/ram-aisin/7r9/ hoobiq.com/cgi-bin/Xyv/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ vat201.com/calculator/itQ/ vikinggg.com/hydrolysis-of/bY/ mohamedsayed.com/wp-admin/Zt/ hostimpel.com/js/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1318469815082881025 rossie.in/wp/6L0U/ envirohubconsulting.co.za/cgi-bin/vI5/ grandages.org.my/office/y6Uz/ dailypharmajobs.com/cgi-bin/CyCdO/ comercialadvance.com/images/MFXxM5Tg/ royalnight.in/wp/lEA2gXXBj/ gymmuscle.tk/wp-content/U8j1Bkh/ # Reference: https://twitter.com/Cryptolaemus1/status/1318644038057287680 salesforcesupports.com/wp-admin/UK4/ sakcampharma.com/wordpress/L8E/ laosonline88.com/old-web-bk/M8B/ quicktowtowing.com/indexing/N2/ tecnolora.com/grup-bo/NWd/ geoffoglemusic.com/wp-admin/Mym/ 58yuesao.top/wp-admin/HG/ # Reference: https://twitter.com/Cryptolaemus1/status/1318657897623134209 nursefreedomsystem.com/cgi-bin/eYae/ masterbookpub.com/cgi-bin/H/ 247tvad.com/wp-includes/CLwQ/ wearenursesvip.com/wp-includes/ZbcC/ demo.acousticify.net/intune-company/UAONxeh/ 
hello.congduhoc.com/logstash-mutate/d/ musicrepublicmagazine.com/wp-content/HbW/ littleforbig.com/menuso/5IW5/ # Reference: https://twitter.com/Cryptolaemus1/status/1318666564141502464 keishixx.com/apc/ew5/ zylko.com/wp-admin/SD/ kyleesbirthdaybash.com/wp-includes/Sco/ kbpatinhaus.com/wp-includes/5r/ almaart.ir/wp-ontent/7pp/ premiumnitrilegloves.com/wp-content/7/ mommafi.com/wp-includes/S/ # Reference: https://twitter.com/Cryptolaemus1/status/1318816075820224514 safarsetutours.com/safarsetutours/do75yh/ iimedu.uk/wp-includes/m8YXYxu/ weeklymasterclass.com/wp-includes/ZqsGa/ onetrepreneur.co.uk/test/gQX87a/ commonsenserevisitedbook.com/wp-includes/6BAdVn6/ taabgroup.com/divi-woocommerce/7BHbH/ pruebadario.ecomerciar.com/wp-admin/jSEbK2o/ rebuneae.com/wp-content/EivSc/ allindiacrimepress.com/blogs/media/AO9/ housetutor.wasseela.com/x2ekf/sWv/ avoyrakib.com/wp-admin/28/ kianyadak.com/ik/M/ souryumon-alive.net/VL/ mail.cozyreview.com/Ko8/ econews.treegle.org/how-to/v/ atrezzos.beneficiosparaempleados.com/wp-admin/kzqh1zM/ vinarorganics.com/css/L0vMERYKQD/ adidasyeezy.store/welph/ccrcbr1xFU/ zunan.com.tw/wp-admin/lQ59Q/ vstsample.com/wp-includes/YV/ tuneclick.co.uk/img/eBV/ library.strophicmusic.com/test/VNTHdB7678/ # Reference: https://twitter.com/Cryptolaemus1/status/1318865011683610626 plakatjogja.com/wp-content/X/ vnadevelopers.com/wp-admin/BF/ nursesweekparty.com/wp-includes/bQR/ hodmunha.info/wp-includes/Ce/ novaworlds-muine.com/khudothiaquacity.com/a/ weapontoys.com/wp-content/Ok/ bold-c.com/wp-admin/Ac/ # Reference: https://twitter.com/Cryptolaemus1/status/1318916731914670084 michaelandrewsbakery.com/wp-admin/M/ forsalebyowner247.com/wp-includes/8m/ webgisjambi.com/wp-content/uploads/V5a/ tigerstormtraffic.com/wp-includes/h23/ optimisticdeals.com/wp-content/S/ twogirlscleaning.com/openbayl/KaI/ online2u.biz/ogretmenevi/4Yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318920275732418566 aspensnowmasswebcam.com/wp-admin/SC6c2o/ 
ticket1st.com/wp-includes/98Zkfi/ eyebrowandme.com/cgi-bin/3NN/ newsfocus123.com/96kaifa/cc1/ dev.muzigal.com/cron/Mdn/ dehateet.com/wp-admin/Gqg0Ma/ keithdougherty.com/wp-includes/Yen85/ nurseprizes.com/wp-includes/hS/ # Reference: https://twitter.com/Cryptolaemus1/status/1318943116016091136 ecommarket.xyz/uptown/LSm7vXy0v/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ treeremovalnerds.com/wp-content/7n5ut/ isupportthecause.org/wp-includes/sbCBUzN/ englishmatters.hk/wp-admin/hDcXxqmeD8/ innoovation.com/blogs/sOKc4/ habiganjjournal.com/wp-content/TUQB/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995699904688139 kpfniaga.com/backup/Qv/ ethanstech.com/wp-includes/Z/ fsl.com.mx/wp-admin/2T7Ws/ thecitizensforum.org/cgi-bin/kU/ murari.es/wp-content/h/ xcharliesdevils.com/wp-includes/ysv/ hrinternationalbd.com/selectar/h/ caballerosdesanfernando.es/wp-includes/re8nKUj/ # Reference: https://twitter.com/Cryptolaemus1/status/1318995430852694017 farzadkiasat.com/wp-admin/Eb/ hunmao.net/wp-includes/C/ tallyandfin.com/cgi-bin/P/ gosvish.com/wp-admin/B/ searchhomeusa.com/wp-content/o/ h5yx.vishou.net/css/i/ oleegoli.com/indexing/xS/ # Reference: https://twitter.com/Cryptolaemus1/status/1319019223016943620 sangamapparel.com/wp-content_old/whE/ techarpit.xyz/wp-content/GM/ sarfco.com/wp-content/6YE/ best-browser.top/wp-includes/lL/ alternatul.com/wp-includes/4rS/ rapicampi.com/wp-content/ib/ initiativepropertiesltd.com/home/S7s/ # Reference: https://twitter.com/Cryptolaemus1/status/1319048991175331847 scolarite-fssm.uca.ma/wp-content/uploads/Wmo0C/ autofit.pt/wp-content/jjVLAR/ jinyangsheetmetal.co.kr/wp-content/Kx7IN1cEY/ mindgeniltd.co.uk/indexing/X5bSo/ sinanashkan.com/wp-admin/DkHxvf8KX/ navneetfamilycoach.com/wp-content/IRX/ usasnet.com/wp-includes/6k/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ murari.es/wp-content/h/ hrinternationalbd.com/selectar/h/ thestudio-ct.co.uk/events/P3/ kailaasa.ca/wp-admin/zeJssVj/ 
khudanculongdien.vn/wp-admin/HB/ admvero.com.br/eleicao/EJcX/ coolfit.in/wp-content/ivi/ equipamentosmix.com/10/Bjky/ # Reference: https://twitter.com/Cryptolaemus1/status/1319223065696415745 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319180621395132416 swiftlogisticseg.com/wp-admin/jiX/ paikapua.com/a0brac3/Y/ gordon-and-son.com/wp-includes/n/ emmanuelmonastery.org/wp-admin/d/ afriwaste.app/wordpress/N7L/ da-industrial.com/js/A4/ onepalate.biz/wp-content_bak/Bc/ # Reference: https://twitter.com/Cryptolaemus1/status/1319253975863070727 sorbonne-capital.com/wp-admin/G/ zagoradesertcamp.com/templates/u/ chavezrob.com/wp-includes/zkd/ buybacksoft.com/old/5s/ thetechieforu.com/wp-includes/2/ movie-2free.com/cgi-bin/d/ yogeejee.com/wp-includes/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1319262232170139650 paasologrp.com/parseopmlo/5/ launch.tactikafacewear.com/wp-content/Uk/ singohotel.com/dashboardl/q/ mymathlabhomework.com/wp-content/o/ dietherbsindia.com/assets/k8oo/ dev-tech.eu/demoshop/P0/ mithraa.co/nMT/ chess-pgn.com/win-raid/l6T5/ # Reference: https://twitter.com/Cryptolaemus1/status/1319309808814706693 akdparivar.com/css/J/ yudaobath.com/wp-includes/vbayxJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1319320563257573376 jumpingphones.com/wp-admin/W/ gksystemsnamakkal.xyz/wp-content/SsH/ baichoi.tranbaocuong.top/application/h5c/ movie-2free.com/cgi-bin/2wv/ mugiya-pan.com/wp/czH/ topperit.com/demo1/tt/ myfarasan.com/wp-admin/o/ # Reference: https://twitter.com/Cryptolaemus1/status/1319334755096272897 acheterdrogues.com/wp-admin/m/ hcareconcepts.com/cgi-bin/1Pwwxf/ jiafunongye.com/application/NJ3Ta/ amarteargentina.com.ar/wp-admin/GOAvrV/ allcannabismeds.com/unraid-map/xcGN/ 
caacholidays.com.hk/wp-content/jaayDboQ/ selerakampung.com/wp-admin/AGF5qXG/ # Reference: https://twitter.com/Cryptolaemus1/status/1319377511332139009 primaage.com/wp-admin/is/ uvibrands.com/QIG/ morrobaydrugandgift.com/wp-contentbak/T9M/ autodidactai.com/wp-content/5SF/ cs.vitalero.com/wp-includes/Vf/ arcadia-consult.com/wp-admin/6O/ acheterpermis-deconduire.com/wp-admin/network/vv/ # Reference: https://twitter.com/K_N1kolenko/status/1308335594729332737 jobcapper.com/8.7.19/hrS/ scoomie.com/wp-content/uploads/mxjsB/ blog.workshots.net/bibqcr9/Eki/ hxoptical.net/wp-admin/91C/ adidasnmdfootlocker.com/nc_assets/F/ socylmediapc.es/tools/D7Ogq/ lombardzista.pl/wp-content/r/ # Reference: https://twitter.com/K_N1kolenko/status/1306577455499673602 scrappy.upsproutmedia.com/wp-admin/J/ china-specialist.com/wp-content/YrLG/ upsproutmedia.com/wp-admin/M/ pagearrow.com/wordpress/B/ a.xuezha.cn/lajop/OYdUzf/ blog.saadata.com/cgi-bin/vwz/ zeeamfashion.com/content/rqoL/ # Reference: https://twitter.com/K_N1kolenko/status/1306534090812919808 77yxx.com/b5rh/bZxS/ shahramookht.com/t1k12k7t/8jq/ aciitaly.com/adminer-master/gkI/ codelta.es/images/9S35FR/ burstoutloud.com/PPL/Hf/ targetin.com/Silder-1/naK/ dbestfishing.com.sg/67s/wfe/ # Reference: https://twitter.com/K_N1kolenko/status/1301052109379469313 nnpstv.com/newsletter/hDT/ oneinsix.com/plesk-stat/S76/ villatera.com/cgi-bin/CHy/ party-pix.org/cgi-bin/GVp/ sabineschulte.net/cgi-bin/x/ pautz.org/cgi-bin/uB6/ nobius.org/hutchins/w/ # Reference: https://twitter.com/K_N1kolenko/status/1301043012554895361 ptwmusic.com/thumbs/TN/ refinanz.org/bachelorme_de/I/ prprofile.com/wp-admin/B2/ radiomuziekland.com/contact/f/ rbji.com/rbjfiles/5/ relicatessen.com/index_htm_files/9/ phoenix-internet.com/incontext/QJN/ # Reference: https://twitter.com/K_N1kolenko/status/1291617606567428096 tourgunungkidul.com/js/63/ veranista.com/stats/s/ walescounseling.com/wp-includes/BsDZ7QS/ thecreativecafe.co.uk/gallery/Y/ usadatos.com/chai/ikb/ 
tanitlak.hu/wp-admin/AkMHk/ wolstenholme.ca/teashop/0B6GAKL/ jerem.com/themes/nu2/ mikebonales.com/blog/In5/ grandsignatureyercaud.com/css/Gp/ hstlive.com/blabs/N/ itcsis.com/docuitc/G/ immortalmodeling.com/dev/blog/SF/ jejach.net/widgets/1E/ rifatenterprise.com/dist/go/0Ay/ priyamcollection.com/vinix/3e/ red-master.com/antiguo/WA/ portalsgn.com.br/corpore/xl/ rentaflight.be/PEAR2_maybe_not_used/H9l5C9Q/ pisi1.unixstorm.org/cgi-bin/LVZW/ purrr.nl/wp-content/Y/ moasocialcoop.com/wp-includes/fd/ monahon.com/classyclutches/W/ mediosmilenium.com/mapa/eWv/ monicaestrazulas.com/2018/Z/ mktink.com/logs/Q8/ murias.com/documents/Fu/ n-brake.com/aspnet_client/G8/ wuvyish.com/wp-content/D9/ energjia.com/oxl/k/ hajveryimpex.com/content/0hW/ aeeec.com/about-us/qE/ blog.8888168.xyz/wp-content/P/ instruments.azurewebsites.net/content/vWy/ larisinaja.com/wp-includes/y/ walcial.com/sys-cache/Fh8vQ/ riovibe.com.br/2009/A/ skytechresources.com.br/erros/JyG5bsH/ cosentinoconsult.com.br/v_s_k3/WZN8FbD/ swapnadevelopers.com/temp/U/ opiscineiro.com.br/wp-snapshots/za4yVt/ studio63productions.com/fonts/Dm7Y/ microcomm-group.com/aspnet_client/open-resource/749h0_a_bgapak3l/ missetiquette.com/img/57ry_v_f04/ rouxweb.com/sea/IOm310/ sallyabbeyarts.com/SALLY_ART_2014/UqN4k/ tedde.nl/photosentinel/r_mcjd_p0vrxje/ webstack.com.au/wp-includes/U890802/ # Reference: https://paste.cryptolaemus.com/emotet/2020/10/14/emotet-malware-IoCs_10-14-20.html 175.103.38.146:80 149.202.72.142:7080 51.15.7.145:80 177.129.17.170:443 76.175.162.101:80 188.157.101.114:80 108.46.29.236:80 123.176.25.234:80 51.75.33.127:80 78.186.65.230:80 96.245.227.43:80 46.43.2.95:8080 80.241.255.202:8080 142.112.10.95:20 93.186.197.189:7080 121.7.31.214:80 109.13.179.195:80 153.229.219.1:443 51.15.7.189:80 5.196.108.189:8080 202.29.239.162:443 5.89.33.136:80 203.56.191.129:8080 139.162.60.124:8080 74.135.120.91:80 174.106.122.139:80 113.203.238.130:80 75.143.247.51:80 96.249.236.156:443 85.25.106.204:8080 1.226.84.243:8080 
183.77.227.38:80 192.232.229.54:7080 24.232.228.233:80 188.166.220.180:7080 162.144.145.58:8080 213.165.178.214:80 78.188.106.53:443 104.131.123.136:443 46.101.58.37:8080 47.36.140.164:80 202.29.237.113:8080 69.206.132.149:80 174.118.202.24:443 190.96.15.50:443 130.0.132.242:80 200.127.14.97:80 190.188.245.242:80 24.231.51.190:80 190.164.135.81:80 172.104.97.173:8080 185.80.172.199:80 24.43.32.186:80 177.23.7.151:80 216.139.123.119:80 190.190.219.184:80 2.58.16.86:8080 45.239.204.100:80 68.252.26.78:80 71.15.245.148:8080 94.212.52.40:80 218.147.193.146:80 178.211.45.66:8080 192.175.111.217:7080 85.214.26.7:8080 49.50.209.131:80 120.150.218.241:443 60.93.23.51:80 192.175.111.214:8080 72.143.73.234:443 46.105.114.137:8080 121.117.147.153:443 191.191.23.135:80 177.144.130.105:8080 110.142.236.207:80 192.81.38.31:80 35.143.99.174:80 118.33.121.37:80 190.240.194.77:443 125.200.20.233:80 71.72.196.159:80 194.4.58.192:7080 73.55.128.120:80 47.154.85.229:80 138.97.60.140:8080 190.191.171.72:80 103.93.220.182:80 115.79.59.157:80 186.74.215.34:80 169.50.76.149:8080 180.148.4.130:8080 118.243.83.70:80 70.169.17.134:80 42.200.96.63:80 190.192.39.136:80 91.146.156.228:80 118.83.154.64:443 128.92.203.42:80 190.108.228.27:443 139.59.61.215:443 37.187.161.206:8080 116.91.240.96:80 95.85.33.23:8080 202.134.4.210:7080 198.20.228.9:8080 190.117.101.56:80 # Reference: https://twitter.com/malware_traffic/status/1309698130468896768 # Reference: https://app.any.run/tasks/018be08a-518e-449f-b7cc-3bc8b5cd8031/ 12.163.208.58:80 87.106.253.248:8080 # Reference: https://app.any.run/tasks/210af0dd-4489-4ba6-88f8-5968ac9f1442/ 162.241.41.111:7080 http://49.243.9.11 # Reference: https://www.virustotal.com/gui/file/0b741a6961b690e07f80388faf43fc3af9bd74b99e8f223e00fa0a996c23305e/detection # Reference: https://www.virustotal.com/gui/file/03caf29484a047db9c68e15e6117f665c59b1cc6ea7cdacba9042f80149861b9/detection http://51.38.124.206 91.105.94.200:80 binarywebtechsolutions.com vstbar.com # 
Reference: https://twitter.com/illegalFawn/status/1310959162822725638 jigsaw.watch # Reference: https://www.virustotal.com/gui/domain/xnxxfullhd.com/relations xnxxfullhd.com # Reference: https://app.any.run/tasks/7bf64b3b-3039-4610-8500-d9ca772797ec/ http://116.91.240.96 # Reference: https://www.virustotal.com/gui/file/9bb84f9fca28c4f9ac90dda5932d089a835344e112aca645497ee884b56e7644/detection tagkarma.com simplatecplc.com sertecii.com vvk888.ru easyneti.com # Reference: https://www.virustotal.com/gui/file/869f09c1b430433a385b4ec13a90eef4cfe0cba092a46fe71107de2f865bdf0e/detection # Reference: https://www.virustotal.com/gui/file/07546b78e05a399af4c7b6080391583fc4709c2b8e45f2b82ee98ae5a2807dba/detection http://185.94.252.3 185.94.252.3:443 # Reference: https://app.any.run/tasks/a7d83cd5-65f8-45a4-a743-4e743697af4f/ http://42.200.96.63 # Reference: https://app.any.run/tasks/a32c3139-6e65-4009-adf6-9bc8be58f007/ http://177.23.7.151 # Reference: https://app.any.run/tasks/6ae91afa-8e93-4768-bf0e-9719c2f29ba3/ 162.241.140.129:8080 http://69.206.132.149 # Reference: https://pastebin.com/t8DJ96VL 103.3.63.137:8080 184.180.181.202:80 # Reference: https://app.any.run/tasks/e75d2911-c9c6-4c7e-a6a7-d95e2ddf0c0a/ http://208.180.207.205 # Reference: https://app.any.run/tasks/6bc0ba41-3619-40fc-88c1-dc8ef38ee1f8/ http://2.45.176.233 # Reference: https://app.any.run/tasks/130012c7-b13a-49f8-addd-552744b68c8c/ http://221.147.142.214 # Reference: https://app.any.run/tasks/e6d9c6dc-dd3e-478d-958d-f3762df82a7d/ dodungphongtam.com # Reference: https://twitter.com/Marco_Ramilli/status/1318135068049670144 167.114.153.111:8080 # Reference: https://twitter.com/malware_traffic/status/1318710455678926848 91.121.87.90:8080 # Reference: https://www.proofpoint.com/us/blog/threat-insight/geofenced-amazon-japan-credential-phishing-volumes-rival-emotet # Reference: https://otx.alienvault.com/pulse/5f8dd264c6e41e9e60cf67c7 http://182.16.26.194 http://23.133.5.144 http://43.249.30.212 00pozrjbpm.xyz 
enjinchang.cn jiyingkou.cn # Reference: https://twitter.com/VirITeXplorer/status/1320634658833473536 punto-0.org/wp-content/peqlZz/ mahesaku.com/wp-content/AEnN/ 1024db.com/wp-admin/Vf/ roofwellness.com/wp-admin/S0/ nurmarkaz.org/wp-content/LL/ wp83.talentsprint.com/wp-content/d0NpZ7/ campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/VirITeXplorer/status/1320645299250122752 inbichngoc.com/wp-admin/S/ ulkucusarkilar.com/networko/wN/ rise-creative.com/cgi-bin/K/ celestinastore.com/old/rB/ ferreteriassolano.com/wp-content/x/ aryacreations.com/wp-includes11/tf/ sinapsisenergia.com/customerl/tE/ madrushdigital.com/wp-admin/OJ5Uu5J/ heankan.bio/js/T8oCHm/ jupitermarinesales.com/wp-content/cache/xLWIP/ lovetraveltoday.com/localisationl/0zwJxNkMRK/ unikaryapools.com/wp/JWUG4n/ akdgroup.co.in/jio/8vSciyhM/ ufak2.com/demo/2hhpCYzwTL/ # Reference: https://twitter.com/Cryptolaemus1/status/1320716324453179394 needhelp.gr/wp-includes/Qlpz/ computerjungle.it/wp-content/N/ polaroidamsterdam.nl/wp-admin/IlDz/ vitrinapyme.com/wp-admin/ws9w/ bopetsupplies.com/tui/b2uMLAj/ maturisampietro.ch/wp-admin/VR/ lixko.com/wp-includes/zrEfpj/ si-batangaspremier.org/wp-admin/Q/ # Reference: https://twitter.com/Cryptolaemus1/status/1320751795015221250 ivytheme.com/wp-admin/LyR/ secuado.com/wp-content/plugins/apikey/6/ passionpastry.com/wp-admin/n/ caglayann.com/wp-admin/Xt1/ crechereviver.org/siteunavailable/3/ logistician.org/wp-admin/aGQ/ m-tash.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1320754787554627584 alexdepase.coach/wp-admin/Ic4ZVsh/ amiral.ga/wp-content/cUFTze5/ iebf.org.uk/wp-admin/QF/ onlineapps.com.au/wp-includes/ZROO26A9/ gazeindia.com/wp-content/kOCbnAdSdG/ alarmpistool.com/wp-admin/3dk0z92i4/ factum24.pro/cgi-bin/dYNq4D/ # Reference: https://twitter.com/Cryptolaemus1/status/1320784947842568193 360digest.beyondb-school.com/wp-content/07A/ nhatcuong.xyz/wp-content/Szx94QD/ 
braceyourself.us/wp-admin/J/ carl99a.com/cgi-bin/P1IwSg/ seitaiken.net/wp-admin/Qz9B/ arpe-samois.fr/wp-content/eQCw/ fitthemes.com/wordpress-5.3.2/O/ nakanoyoi5.com/wp-admin/GfPlB/ # Reference: https://twitter.com/Cryptolaemus1/status/1320801741408030720 campflamingo.org/wp-content/QCTr/ fasthomesolutions.flywheelsites.com/wp-content/9bWnm4P/ # Reference: https://twitter.com/Cryptolaemus1/status/1320821381106442241 preilurd.com/wp-admin/N/ twistan.com/wp-content/pxj/ beliloba.com/cgi-bin/1t/ jabalmubarak.com/wp-includes/mq/ xxxporn.futbol/wp-includes/vC/ vietnamdigitalmarketing.org/wp-includes/qd/ haule.net/wp-content/JAJ/ # Reference: https://www.virustotal.com/gui/file/143248cab06613908c20d4532e2ea212fa672788ea83cf4cac123499fe56f576/detection 172.86.186.21:8080 177.107.79.214:8080 59.148.253.194:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1320972542270734337 homewatchamelia.com/wp-admin/MQxjrRU/ pottershousedurban.co.za/cgi-bin/109J/ toorak.ie/wp-includes/aT/ theginlibrary.de/wp-includes/ma/ coeurclaudelien.fbcars.net/cgi-bin/tJt0Sqg/ mamac.top/wp-admin/GWQACP/ jwskincare.vn/setupconfigo/pF6g/ 9s2s.com/wp-admin/XKowb/ # Reference: https://twitter.com/Cryptolaemus1/status/1321046903619047424 yourprivatelife.com/wp-admin/sq/ firsattrade.com/wp-content/pI/ ashiq.xyz/wp-content/qX/ aryabhattahighschool.com/wp-includes/C1x/ angelsandfriends.com/wp-includes/d31/ dmccainlaw.com/wp-content/3/ tvcableinternetdeal.com/wp-content/cu/ # Reference: https://twitter.com/Cryptolaemus1/status/1321045770880065536 royalempresshair.com/wp-content/upgrade/Ete/ kbppp.ilmci.com/wp-includes/z/ tiplabor.com/images/Du1/ 0377hhd.com/cgi-bin/q/ sorbonne-capital.com/wp-admin/Jip/ dijitalklinik.com/wp-admin/LYq/ qualitymathtutors.com/wp-content/GfE/ # Reference: https://twitter.com/Cryptolaemus1/status/1320974739733700608 mevaconyeu.vn/forgottenl/lBjZjuaWO/ babyg-vietnam.vn/wp-content/cuBO2E7bE/ wikibricolage.com/wp-admin/R/ innhanmachcm.com/wp-admin/IB32/ 
apyarlovers.com/wp-admin/eAiaD/ pilanjau-berau.desa.id/wp-admin/t/ madivarealty.com/wp-includes/XulnC6a/ # Reference: https://twitter.com/Cryptolaemus1/status/1321054328916975618 noorpurefood.com/wp-content/eyH9I/ amorepooh.com/wp-content/themes/twentyseventeen/G3RZxc/ hatele.net/wp-admin/N/ promaxgh.com/wp-content/uploads/f/ pikama.us/wp-includes/BBW/ shaishavchildrights.org/wp-content/L4bRiZo/ maradrugstore.com/old/n/ lilianaoliveira.com/office-365/m1MRNr/ # Reference: https://twitter.com/Cryptolaemus1/status/1321216463697596416 josejuanarroyo.com/antithetical-bulblet/l/ movie-2free.com/cgi-bin/s/ buckzy.net/wp-admin/zF/ suksiriestate.com/cgi-bin/xjz/ gk725.com/breadbox/mlu/ datawyse.net/Ccl/5W/ ppzo.top/wp-admin/o1/ # Reference: https://twitter.com/Cryptolaemus1/status/1321122347865280513 904y.com/how-to/A6/ acredales.com/thank_you/U0u9Z/ adinterix.com/laybuy-investors/9Ab6/ angiathinh.com/autotoxication/Iue/ bahamianrelief.org/VpHo/ey/ biharbhumibazar.com/wp-admin/D/ bridgestoworkapp.com/wp-content/c1/ car4libya.com/cgi-bin/sDBhPqx/ cidoresearch.com/wp-content/Cb5afhZDr6/ ciucurencutl.ro/wp-admin/WhcybcaN/ daeg.su/wp-content/iYH/ dartzeel.com/wp-content/yf/ datablockssolutions.com/rgit/kd6/ dieteticienne-tiffany.com/wp-includes/rGJaLg5/ dotasarim.com/wp-admin/Dyz/ edirnereklamajansi.com/wp-includes/dN/ fit.develab.mx/wp-admin/sjai4FA/ florumgroups.net/mysite/C0NYBd/ gibraltarsalesgroup.com/public/qdI/ jiehost.com/wp-admin/6ZFh6A/ meshzs.com/wp-includes/E/ mobis-autoloan.com/wp-content/YvqoBse/ mueindustries.com/wp-admin/D/ odmova.pl/retranslate/OqLdry/ ostranderandassociates.com/var/thpY/ pacificfe.com/shadow-health/nQ/ personalizedjigsaws.com/replace_img/qG6D9T/ queensport.nl/accp/dz/ ruiermi.com/wp-admin/jmb/ scw8.net/wp-content/1MkWc/ servitekifix.com/wp-admin/C/ socialplaymedia.com/wp-content/Czj/ stabri-thailand.org/cgi-bin/1GKI/ terasrumahkayu.com/wp-admin/dHeLE/ thietkequangcaothanhhoa.com/phosphoryl/UJwwiQu/ uxnew.com/old/9/ 
weeklyoutfits.com/how-much/zw2z/ yoga.gift/content/nc/ # Reference: https://twitter.com/malware_traffic/status/1321182175916679168 91.121.200.35:8080 # Reference: https://twitter.com/Cryptolaemus1/status/1321406330595401728 nanettecook.org/wp-admin/x/ scalarmonitoring.com/wp-admin/js/widgets/S0A/ fourseasonsjsc.com/wp-admin/hzu9vvt/ ningyangseo.com/wp-admin/am/ rapidcarwash.net/wp-content/nO6U/ coolchacult.com/wp-includes/i/ anpbodysculpting.com/wp-content/themes/twentytwenty/c/ lamajesteindustries.com/wp-content/DRTujMR/ # Reference: https://twitter.com/Cryptolaemus1/status/1321413462229196807 panoramafe.com/slabbing/bBkdFoF96m/ enolil-loo.com/agillawood/CZafm/ 394509.com/biogenesis/ab/ oluwatomiwa.com/mail.oluwatomiwa.com/T/ mansa.com.vn/myographist/zRf6yPRec/ asianprosource.com/verb/rdB6m/ khangnguyen.store/wp-includes/theme-compat/eSIyT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321427295320629248 anizonehealthcare.com/wp-includes/I/ mthealthcare.net/wp-admin/h/ mynesnetwork.com/cgi-bin/Iw/ asahalpha.com/wp-snapshots/tmp/7/ greenlandlion.com/wp-content/zny/ vidamelhor.online/wp-includes/uy/ sobresaude.space/wp-includes/J/ # Reference: https://www.virustotal.com/gui/file/b281c158288b59d60949f1d15c53d7f47e507b2db6e015043d464daaf10f952f/detection http://88.153.35.32 # Reference: https://twitter.com/Cryptolaemus1/status/1321453607758254080 leapmom.com/ukeol/c/ csgcargo.com/wp-content/d/ greenleafnaturalfarms.com/cgi-bin/h/ rucloset.com/gon/4/ pachiba.com/blogs/7/ betsdotbahisgiris.com/cgi-bin/I/ rawmeditations.com/wp-content/r/ # Reference: https://twitter.com/abel1ma/status/1321728085520117762 # Reference: https://app.any.run/tasks/d5fd0b9c-9fff-4953-b886-20b2b711262f/ 152.32.75.74:443 demowebsite6.club/wp-admin/wKm1/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ visionmedia.vn/wp-includes/bjkuZ9LtT/ # Reference: https://twitter.com/Cryptolaemus1/status/1321705613492146176 visionmedia.vn/wp-includes/bjkuZ9LtT/ demowebsite6.club/wp-admin/wKm1/ 
itgallery.com.bd/backup/7/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ airrlist.com/wp-includes/VBG/ ppinds.in/fonts/NnaS2zf/ yadanaraung.com/wp-content/zWNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1321672520391680000 eclatcollection.com/kohler-14resa/YpUuby/ ismlm.xyz/wp-admin/P/ corsiwebonline.it/wp-content/yQqe7/ conclassdigital.com/wp-content/thTgRn/ jtech.com.vn/wp-includes/IhSNuI/ hijoaajakakhabar.com/cgi-bin/cHoz/ magicwandcompany.net/wp-includes/bRVTJyc/ saladrepublic.in/cgi-bin/WmRD/ # Reference: https://twitter.com/Cryptolaemus1/status/1321755092098441216 dishtvweb.com/cgi-bin/xnAWwP/ bindhyabasinitemple.com/wp-includes/f8U8g/ radiolevi.ro/wp-content/vDbB/ kartsms.com/wp/s/ blog.opospalia.eu/wp-admin/k/ paridhiyadav.com/wp-content/hc/ socalvending.com/wp-content/8z/ makkinouz-groupe.com/wp-includes/q/ # Reference: https://twitter.com/Cryptolaemus1/status/1321802724971843584 enjoymylifecheryl.com/wp-includes/FPNxoUiCz3/ homewatchamelia.com/wp-admin/qmK/ seramporemunicipality.org/replacement-vin/Ql4R/ imperfectdream.com/wp-content/xb2csjPW6/ mayxaycafe.net/wp-includes/UxdWFzYQj/ 420extracts.ca/cgi-bin/Ecv/ casinopalacett.com/wp-admin/voZDArg/ # Reference: https://twitter.com/Cryptolaemus1/status/1321778299379634177 innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: https://twitter.com/Cryptolaemus1/status/1321838206040637440 tinytowntees.com/wp-content/TV/ 0377hhd.com/cgi-bin/ru/ easytigershop.com/wp-includes/css/GxWFH/M/ paisocial.org/wp-includes/X9D/ primecigarettes.com/wp-content/7/ evexiahk.com/wp-content/u2x/ bathroomnerds.com/wp-content/e/ # Reference: https://twitter.com/Cryptolaemus1/status/1321894855019298816 attenstyle.com/wp-admin/pB/ ningyangseo.com/wp-admin/8l/ mrveggy.com/erros/4/ aischoolofindia.com/wp-content/KFn/ 
vitrinapyme.com/wp-content/Jw/ trassierramotor.com/photo-gender/oz2/ codavatar.com/wp-content/MiU/ # Reference: https://twitter.com/Cryptolaemus1/status/1321933654478757901 supportessays.com/wp-admin/iuz/ royalempresshair.com/wp-content/upgrade/Fj/ acredales.com/thank_you/d/ mail.bursaevdenevenakliyat.link/jelab/YSS/ 180clubrealestate.com/wp-includes/0go/ albertoordonez.com/coinpot-faucet/vo8/ techofbeauty.com/cgi-bin/o0/ # Reference: https://twitter.com/Cryptolaemus1/status/1321931581741817859 foryoulady.com/wp-admin/H3Tu5s/ flem-cartoons.fr/wp-includes/Gogzje/ blog.19850120.xyz/wp-admin/VOfoZiU/ capellaevents.com/val-images/mD2zBip/ amirthafoundation.com/wp-admin/0KetV/ busyafnutrition.com.au/wp-admin/A83yfME/ sploong.net/cgi-bin/JsbuL5/ sygnalizujemy.pl/wp-admin/yj/ # Reference: https://twitter.com/Cryptolaemus1/status/1322054843247300608 vidadohomem.com/wp-content/v/ ecobaratocanaria.com/wp-admin/eR/ uxnew.com/old/89i/ tz004.com/ad_files/a0/ removepctrojan.com/wp-admin/b/ mycollegecp.com/content/jA/ legalempowermentindia.com/cgi-bin/Qs/ # Reference: https://unit42.paloaltonetworks.com/domain-parking/ # Reference: https://urlhaus.abuse.ch/url/494116/ valleymedicalandsurgicalclinic.com/ujftb/statement/wr7hoba7i9hz/ # Reference: https://www.virustotal.com/gui/file/66254770f3aa819dbb3dd005d6f8318bc29852bcb0ef77f6a251803dcdbca8ad/detection http://190.162.215.233 http://190.164.104.62 http://201.241.127.190 http://37.179.204.33 107.170.146.252:8080 154.91.33.137:443 173.212.214.235:7080 61.33.119.226:443 72.186.136.247:443 # Reference: https://twitter.com/neutrify/status/1321804354907705344 betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ innhanmachn.com/wp-admin/sA/ shomalhouse.com/wp-includes/ID3/IDz/ blog.martyrolnick.com/wp-admin/Spq/ frajamomadrid.com/wp-content/g/ pesquisacred.com/vmware-unlocker/daC/ medhempfarm.com/wp-admin/Lb/ ienglishabc.com/cow/2BB/ # Reference: 
https://paste.cryptolaemus.com/emotet/2020/10/29/emotet-malware-IoCs_10-29-20.html 117.2.139.117:443 2.58.16.89:8080 85.246.78.192:80 129.232.220.11:8080 100.37.240.62:80 73.100.19.104:80 183.176.82.231:80 202.134.4.216:8080 168.197.45.36:80 49.3.224.99:8080 189.34.181.88:80 58.94.58.13:80 190.164.104.62:80 213.52.74.198:80 181.120.29.49:80 134.209.144.106:443 78.90.78.210:80 101.187.81.254:80 109.190.35.249:80 201.171.244.130:80 201.241.127.190:80 77.78.196.173:443 81.215.230.173:443 190.29.166.0:80 2.82.75.215:80 85.105.111.166:80 66.76.12.94:8080 64.207.182.168:8080 209.141.54.221:7080 118.69.11.81:7080 172.86.188.251:8080 200.24.255.23:80 188.226.165.170:8080 109.206.139.119:80 24.133.106.23:80 193.251.77.110:80 51.89.199.141:8080 109.99.146.210:8080 102.182.93.220:80 181.58.181.9:80 62.171.142.179:8080 37.179.145.105:80 172.193.79.237:80 201.71.228.86:80 37.183.81.217:80 159.203.16.11:8080 41.185.28.84:8080 103.13.224.53:80 67.170.250.203:443 5.2.246.108:80 177.130.51.198:80 192.198.91.138:443 186.189.249.2:80 200.59.6.174:80 5.2.164.75:80 74.214.230.200:80 153.204.122.254:80 201.49.239.200:443 202.134.4.211:8080 192.175.111.212:7080 109.116.245.80:80 186.193.229.123:80 188.251.213.180:80 87.230.25.43:8080 60.249.78.226:8080 190.162.215.233:80 50.245.107.73:443 60.108.128.186:80 59.125.219.109:443 188.80.27.54:80 190.64.88.186:443 201.163.74.203:80 80.227.52.78:80 83.103.179.156:80 109.242.153.9:80 61.76.222.210:80 197.221.227.78:80 181.61.182.143:80 115.94.207.99:443 68.115.186.26:80 24.230.141.169:80 173.173.254.105:80 194.190.67.75:80 78.206.229.130:80 178.254.36.182:8080 94.23.62.116:8080 190.45.24.210:80 176.113.52.6:443 217.123.207.149:80 217.20.166.178:7080 5.12.246.155:80 190.180.65.104:80 200.243.153.66:80 2.45.176.233:80 179.222.115.170:80 181.123.6.86:80 119.59.116.21:8080 189.223.16.99:80 95.76.142.243:80 89.121.205.18:80 24.178.90.49:80 190.101.156.139:80 182.208.30.18:443 120.72.18.91:80 138.68.87.218:443 98.103.204.12:443 109.101.137.162:8080 
24.135.69.146:80 187.162.250.23:443 70.39.251.94:8080 202.141.243.254:443 41.76.213.144:8080 190.92.122.226:80 123.142.37.166:80 74.40.205.197:443 189.123.103.233:80 79.118.74.90:80 119.228.75.211:80 172.105.13.66:443 95.9.5.93:80 169.1.39.242:80 88.153.35.32:80 187.193.221.143:80 190.202.229.74:80 186.70.56.94:443 27.114.9.93:80 173.63.222.65:80 110.37.224.243:80 37.179.204.33:80 82.76.52.155:80 103.236.179.162:80 181.59.59.54:80 94.230.70.6:80 # Reference: https://twitter.com/Cryptolaemus1/status/1322103743584833537 kharazmischl.com/w/okz/ help-m2c.eccang.com/pseovck27kr/n/ myfarasan.com/sitepage/z/ chengmikeji.com/dertouqua/Ocm/ enews.enkj.com/wordpress/bd/ ecobaratocanaria.com/wp-admin/ms/ cimsjr.com/hospital/4q/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ # Reference: https://twitter.com/Cryptolaemus1/status/1322096259281358848 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/wp-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/wp-admin/pOyZDC/ aramisconstruct.ro/wp-admin/Hpbd6/ manweikeji.com/wp-content/X/ farmapleland.com/wp-content/F/ # Reference: https://twitter.com/Cryptolaemus1/status/1322181156377415680 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ dieteticienne-tiffany.com/wp-includes/p/ moralaree.com/journal/R/ mobis-autoloan.com/wp-content/76/ footballstep.com/cgi-bin/A/ naturalwaterresources.com/wp-content/XjR/ # Reference: https://twitter.com/Cryptolaemus1/status/1322176462150078465 da-industrial.com/js/9IdLP/ daprofesional.com/data4/hWgWjTV/ dagranitegiare.com/wp-admin/tV/ outspokenvisions.com/wp-includes/aWoM/ mobsouk.com/wp-includes/UY30R/ biglaughs.org/smallpotatoes/Y/ ngllogistics.africa/adminer/W3mkB/ # Reference: https://twitter.com/Cryptolaemus1/status/1322249061362208769 inbichngoc.com/wp-admin/K/ angiathinh.com/autotoxication/96F/ meshzs.com/wp-includes/p6/ dartzeel.com/wp-content/jHy/ zhidong.store/wp-content/BDY/ australaqua.com/wp-content/xIt/ nurmarkaz.org/designl/u/ # 
Reference: https://twitter.com/malware_traffic/status/1322292869584035841 # Reference: https://app.any.run/tasks/22ebd2c7-0e8d-4966-885a-e592345cf173/ 45.230.228.36:443 # Reference: https://twitter.com/neutrify/status/1322326661858250752 dotasarim.com/wp-admin/AYO/ servitekifix.com/wp-admin/nBJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1323297480843403264 201.184.105.242:443 74.75.104.224:80 78.125.252.112:80 # Reference: https://twitter.com/Cryptolaemus1/status/1323356134233747461 105.184.126.15:80 154.127.113.242:80 5.2.182.7:80 # Reference: https://www.virustotal.com/gui/file/04fe8553d197a8433ea9c11a17806fefa6b8da562dc8e68aecf5899a433d16c3/detection http://80.227.52.78 167.71.13.58:8080 195.201.128.184:8080 # Reference: https://twitter.com/neutrify/status/1324839425340309504 pipesplumbingltd.com/DB/Yg2rsTn/ annabphotography.co.uk/p-includes/WdHO/ childselect.com/cgi-bin/BSA/ movie-2free.com/cgi-bin/F/ sachcodoc.net/p-admin/pOyZDC/ aramisconstruct.ro/p-admin/Hpbd6/ manweikeji.com/p-content/X/ farmapleland.com/p-content/F/ # Reference: https://www.virustotal.com/gui/file/6e7b92af945eb2de94528ce9dc2e5c2e28af3363f6726c75c2bbfb0f8d2ca2fe/detection 61.142.176.23:30339 1e62p84873.51mypc.cn # Reference: https://www.virustotal.com/gui/file/5167022959e19b004ebe4b82604ffbe83ece55964953c50cd539647a44a3d3b5/detection 83.35.213.87:7080 # Reference: https://twitter.com/JCyberSec_/status/1331933717678460929 hotwell.at # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf 0377hhd.com/cgi-bin/q/ 0377hhd.com/cgi-bin/ru/ 360www.ca/content/2/ 4pmedia.vn/wp-admin/docs/w7Dp3kbsjwHYVp3xIzjY/ 9c4i.cn/flightsearch/DOC/ZZofE663toMZcR/ aahnaturals.net/wp-includes/TX/ adidasyeezy.store/welph/m/ admvero.com.br/eleicao/EJcX/ africafoodworld.com/wp-admin/WD/ afriwaste.app/wordpress/N7L/ agily.fr/wp-content/INC/HYZgOObWGv0Dd0YS/ agriseason.africa/wp-includes/Juv/ agroproindia.com/cgi-bin/95r09UGlIj/paasologrp.com/parseopmlo/5/ 
aguemiimoveis.com/bond-market/73a/upcloudweb.com/content/a/ airrlist.com/wp-includes/VBG/ akoonu.com/wp-admin/public/h3McN3xP5aGtcgjf4/ allindiacrimepress.com allindiacrimepress.com/blogs/media/AO9/ amerifencewichita.com/indexing/4ZIF1OB9W2GK/Wvw5WKvUFnBFpOpJQG/ amicusdh.org/coaid/0g/ anjia-ceramics.com/aliner-camper/K/ annabphotography.co.uk/p-includes/WdHO/ apidocs.dcdial.com/wp-includes/H/ aramisconstruct.ro/p-admin/Hpbd6/ aryacreations.com/wp-includes11/tf/ avoyrakib.com/wp-admin/28/ avozdecamacari.com/home/000~ROOT~000/dev/shm/E/ bachhoanhale.com/wordpress/I/ bathroomnerds.com/wp-content/e/ bazarkotulpur.com/wp-content/0tu/ beta.zoneberry.com/bysyswexecf/x3/ betsdothizligiris.com/cgi-bin/p8mjDNVlargHA2/ bharatlearningsolutions.com/content/MNd/ bigprint.pictures/cgi-bin/o/ blackstonetutors-onlineportal.com/wp-includes/fm/ blog.martyrolnick.com/wp-admin/Spq/ bloglamtinh.com/wp-admin/N/ bnmintl.com/cgi-bin/Ibu/ bold-c.com/wp-admin/Ac/ bomfuturoadesivos.com/gallery_03f59a1cc20096539c7aec1b61d7471a/3e/ brasilcacambas.com.br/ breedenandsilver.com/wp-content/ix6/ brightcdr.com/wp-content/LNTELiq/ buesink.com/Pics-shower/ScE/ buybacksoft.com/old/5s/ bvlserramenti.net/wp-content/35280569593/kjLpBnrK6kLEgZ3/ calculafacturaluz.com/sys-cache/9W/ cavancart.com/staticmap/WR/ cearacultural.com.br/admin/itkfdUik4/ cefaly.club/themes/lA/ celestinastore.com/old/rB/ charlesze.com/content/z0lGKS/ chavezrob.com/wp-includes/zkd/ chemicalbusiness.com.br/wp-admin/sites/WJAKzmqhFV7fRahBTc/ chengmikeji.com/dertouqua/Ocm/ chengmikeji.com/wp-includes/sk/ chess-pgn.com/win-raid/l6T5/ childselect.com/cgi-bin/BSA/ childselect.com/cgi-bin/a/ childselect.com/cgi-bin/y/ cimsjr.com/hospital/4q/ comercialadvance.com/images/MFXxM5Tg/ converdrive.cl/administrative-assistant/onME1zxPMS/ coolfit.in/wp-content/ivi/ cplt20live.com/wp-includes/ae/ creationskateboards.com/shred/H/ criee-des-saveurs.com/wp-admin/public/STMm3p0jJDUqkWV/ da-industrial.com/js/A4/ daga88.com/reviewl/Tj0Ntc 
dailypharmajobs.com/cgi-bin/CyCdO/ datawyse.net ddazzlediamonds.com/advertisel/m/ demowebsite6.club/wp-admin/wKm1/ dev-tech.eu/demoshop/P0/ dieteticienne-tiffany.com/wp-includes/p/ dietherbsindia.com/assets/k8oo/ dijitalklinik.com/wp-admin/LYq/ divemed-tech.com/will-a/gjzE/ dlhagency.com/cgi-bin/8z/ dmtland.com/wp-admin/4k/ dotasarim.com/wp-admin/AYO/servitekifix.com/wp-admin/nBJ/ drwalidabdelgaffar.com/dentalia/lL/ duberysunglass.com/img/A/ e-machine.com.br/mailer/BjCInTq6b/ easytigershop.com/wp-includes/css/GxWFH/M/ ecobaratocanaria.com/wp-admin/eR/ ecobaratocanaria.com/wp-admin/ms/ ecommarket.xyz/uptown/LSm7vXy0v/ econews.treegle.org econews.treegle.org/how-to/2V/ edgeclothingmcr.com/indexing/c9/ eldahwa.com/9th-grade/F2Kw/ electronicsvibes.com/wp-includes/4N/ emmanuelmonastery.org/wp-admin/d/ emroozmarket.com/wp-content/2y/ enews.enkj.com/wordpress/bd/ engineering-2s.com/SS_Paypal/X/ englishmatters.hk/wp-admin/hDcXxqmeD8/ envirohubconsulting.co.za/cgi-bin/vI5/ eos-promo.com/hk-sgp/Tg4/ equipamentosmix.com/10/Bjky/ esse-outdoor.com/wp-admin/G6EJGCZE7MV/nHfGSKQ46euUGl/ events.medialogic.cloud/blazor-preventdefault/r8W/ evexiahk.com/wp-content/u2x/ evisualsoft-001-site3.atempurl.com/wp-content/C7/ exploreneuro.com/ps4-controller/w/ farmapleland.com/p-content/F/ ferreteriassolano.com/wp-content/x/ financiamentointeligente.com/wp-content/Fj/ finkarma.in/wp-admin/parts_service/VAdFw9JJj4DcC85StkyL/ florinconsultancy.com/wp-content/1/ footballstep.com/cgi-bin/A/ forsalebyowner247.com/wp-includes/8m/ fortunelabels.com/test/SZ/ foulgerteam.com/foulgerteam.com/i/ frajamomadrid.com/wp-content/g/ genyomalhas.com.br geosrt.com/atrabiliary/yfH/ giacimenti.wine givingthanksdaily.com/5Q/ goldenyemen.com/wp-admin/INC/RUoRW1W0oDKQg/ gordon-and-son.com/wp-includes/n/ grandages.org.my/office/y6Uz/ greensync.com.br gtech.thngo58.com/wp-includes/9zo/ gymmuscle.tk/wp-content/U8j1Bkh/ habiganjjournal.com/wp-content/TUQB/ hashilife.com/sitepage/GY/ help-m2c.eccang.com/pseovck27kr/n/ 
hodmunha.info/wp-includes/Ce/ homeabortionpillsrx.com/ext/N6SKd/ hoobiq.com/cgi-bin/Xyv/ hostimpel.com/js/q/ hottco.com/stats/lX/ housetutor.wasseela.com housetutor.wasseela.com/x2ekf/sWv/ housetutor.wasseela.com/x2ekf/tMR/ hrinternationalbd.com/selectar/h/ humanresourceslifeline.com/wp-content/Documentation/jMe4PpvS9x4QO8N6a1/ huwo.xyz/message/u/ icilimoges.com/wp-includes/Ym/ ictmisericordia.org/cgi-bin/c/ iei7.com/wp-admin/5ShKLn/ ienglishabc.com/cow/2BB/ imenbartariran.com/wp-admin/CZ/ inbichngoc.com/wp-admin/S/ infoquick.co.uk/business_card/RANADek/ inmobiliariaconfiaviv.com/wp-content/eTrac/BadR1jgkpBK/ innhanmachn.com/wp-admin/sA/ innhanmacquanaogiare.com/wp-includes/Jh1/ innoovation.com/blogs/sOKc4/ inspira-psicologia.com/css/F/ invaluablearts.com/6sn1f/t/mycollegecp.com/content/kRL/ inventorelectronica.com/wp-admin/M/ iq51.com/wp-admin/tBO/ isupportthecause.org/wp-includes/sbCBUzN/ itaalabama.org/wp-admin/LLC/433O2ew51Qg/ itgallery.com.bd/backup/7/ jespersen.org/carter/J/ jobmuslim.com/wp-admin/js/widgets/HrWFGwvcF/ johndaurizio.com/wp-includes/Uhp4cB5mgN/ jorgecoronel.com/webmaster/kYH/ kailaasa.ca/wp-admin/zeJssVj/ kbppp.ilmci.com/wp-includes/z/ kharazmischl.com/w/okz/ khudanculongdien.vn/wp-admin/HB/ kianyadak.com kianyadak.com/ik/M/ krais.co.il/wp-admin/b/ ladsbarbearia.com/wp-content/PI/ launch.tactikafacewear.com/wp-content/Uk/ legalempowermentindia.com/cgi-bin/Qs/ libidgel.edtsantos.com/attachments/tovx4Z21Z0vnneKNz/ lifegear.store/wp-admin/RsMLwQ/ lingbaojuan.com/cache/TSkvly/ lsmanga.com/migration/FaU/ luofox.com lylydressforless.com/wp-admin/ffV/99fabrics.com/wp-content/dGq/ mahfuzur32785.com/identify-the/IM/ mail.cozyreview.com/ mail.cozyreview.com/Ko8/econews.treegle.org/how-to/v/ mail.maxjalost.de/ogretmenevi/parts_service/atv5vHbwJLs/ mallowsvirtualcreatives.com/llfdsofdsfss/51C/ manweikeji.com/p-content/X/ mauriciosinjuicio.com/zoom-meeting/r/ mea.kaisariani.gr/tmp/eTrac/Wrinfk9rgr/ medhempfarm.com/wp-admin/Lb/ meeak.com/wp-admin/lcJ/ 
mentoringcue.com/cgi-bin/wRA/ methilinfotech.com/maliga/th/ michaelandrewsbakery.com/wp-admin/M/ mithraa.co/nMT/ mobis-autoloan.com/wp-content/76/ mohamedfouad84.cf/wp-admin/esp/6F6ZbRmOSh3Y/ mohamedsayed.com/wp-admin/Zt/ monicasharma.info/reviewl/i/ moralaree.com/journal/R/ movie-2free.com/cgi-bin/F/ movie-2free.com/cgi-bin/d/ mrveggy.com/erros/PO/ mycollegecp.com/content/jA/ myfarasan.com/sitepage/z/ mymathlabhomework.com/wp-content/o/ myseedology.com/cgi-bin/7GzFsT/ naturalwaterresources.com/wp-content/XjR/ novaworlds-muine.com/khudothiaquacity.com/a/ nucleokardecistalace.org.br/wp-includes/nHEnWi/ nursesweekparty.com/wp-includes/bQR/ nxyykj.com/wp-includes/public/fsjkKDRASoYBv/ olimpiadasolidaria.com/wp-snapshots/BM7ftDR7a/ onepalate.biz/wp-content_bak/Bc/ online2u.biz/ogretmenevi/4Yj/ onlinedatabasesolutions.com/cgi-bin/Documentation/nn7GTEoQPlnkrDJOVDgq/ optimisticdeals.com/wp-content/S/ ortodonciatafur.com/cgi-bin/Ntl3kiFM/ p4uclasses.com/wp-content/G/ paganwitch.com/wp-admin/0pd/ paikapua.com/a0brac3/Y/ paisocial.org/wp-includes/X9D/ pandebaik.com/_vti_bin/Y/ pearlcomputers.com.pk/bitcoin-apk/37qD0b/ personaltrainersindia.com/fonts/Q55X/ peruvianmister.com/wp-admin/browse/xHOyYgbYmWzNrIW2/ pesquisacred.com/vmware-unlocker/daC/ pgiso.com/wp-admin/mCQ/ pipesplumbingltd.com/DB/Yg2rsTn/ plakatjogja.com/wp-content/X/ poppylon.com/wp-admin/E22zho/ portal.digitalcompass.com/Styles/deeB/ portesobertes.proven.cat/wp-content/Overview/Ql24rtGdmlwBBY7I/ ppinds.in/fonts/NnaS2zf/ prabhatcycles.com/prabhatcycles/U1i7/ primecigarettes.com/wp-content/7/ prospershow.com/wp-content/I/ pxid360.com/wp-admin/PN/ qualitymathtutors.com/wp-content/GfE/ quicktowtowing.com/wp-content/mu-plugins/uMM/ raissamaison.com/wp-includes/EENf/ rantega.com/wp-includes/public/yipMhIIK0CJSqJW2LA/ removepctrojan.com/wp-admin/6/ removepctrojan.com/wp-admin/b/ riandutra.com/img/YX1/ right2liferx.com/admin/AcgEH/ rise-creative.com/cgi-bin/K/ rossie.in/wp/6L0U/ 
rovonize.com/email.rovonize.com.rovonize.com/M/ royalempresshair.com/wp-content/upgrade/Ete/ royalnight.in/wp/lEA2gXXBj/ rtjandxly.online/wp-content/kir/ rylh.vip/abeka-9th/d9/ sachcodoc.net/p-admin/pOyZDC/ safeabortionrx.com/ext/XII/ sanayate.com/wp-includes/hd/ sff3d.com/3d/xk/ sheriaspace.com/wp-admin/R/ shomalhouse.com/wp-includes/ID3/IDz/ shraddhacarrentalindore.com/wp-includes/M/ sinapsisenergia.com/customerl/tE/ singohotel.com/dashboardl/q/ sistaqui.com/wp-content/l2/ skysatservices.co.uk/cgi-bin/parts_service/O8xj3TSqVNo6OVs/ sorbonne-capital.com/wp-admin/G/ sorbonne-capital.com/wp-admin/Jip/ souryumon-alive.net souryumon-alive.net/VL/ speedypush.com/wp-includes/6/ statusquobrand.com/1/HS/ studyguidewithlakshmi.com/directory/v982c9VH5c/ supplementhouse.net/ swiftlogisticseg.com/wp-admin/jiX/ syracusecoffee.com/customer/jf/ tanger-soft.com/does-leaving/Kig/ tasagodigital.com/sitepage/iEK/ tatilburdur.com/scutum/KV/ tesson.in/tesson/Pages/OiqPrYbxxPz/ thepremiumplace.com/wp-content/5/ thestudio-ct.co.uk/events/P3/ thetechieforu.com/wp-includes/2/ theusacommunity.com/wp-content/WH/ tigerstormtraffic.com/wp-includes/h23/ tiktokvapes.com/wp-admin/xL/ timsonntag.com/cgi-bin/g/ tinytowntees.com/wp-content/TV/ tiplabor.com/images/Du1/ titanfurniture.store/wp-admin/paclm/vU6iaHwTjD/ treeremovalnerds.com/wp-content/7n5ut/ trungtamgioithieuvieclamdongnai.com/submit_form/sFO/ trungtammtc.com/wp-admin/LP/ twogirlscleaning.com/openbayl/KaI/ tz004.com/ad_files/a0/ udaysolopiano.com/wp-content/J/ ulkucusarkilar.com/networko/wN/ usasnet.com/forgottenl/gkT/ uxnew.com/old/89i/ vat201.com/calculator/itQ/ vidadohomem.com/wp-content/Eu/ vidadohomem.com/wp-content/v/ vikinggg.com/hydrolysis-of/bY/ virtual-event-service.com/assets/tW/ visionmedia.vn/wp-includes/bjkuZ9LtT/ vnadevelopers.com/wp-admin/BF/ vuatritue.com/wp-admin/Ux/ weapontoys.com/wp-content/Ok/ webgisjambi.com/wp-content/uploads/V5a/ widewebit.com/wp-admin/DOC/uDEzzms8hT/ wodsuit.com/ram-aisin/7r9/ 
yadanaraung.com/wp-content/zWNM/ yogeejee.com/wp-includes/b/ zagoradesertcamp.com/templates/u/ zero-finance.com/wp-content/6sa/ ziaonlinetutor.com/wp-content/a/ # Reference: https://twitter.com/VirITeXplorer/status/1340965185952092160 # Reference: https://twitter.com/Cryptolaemus1/status/1341014410119303168 # Reference: https://twitter.com/bomccss/status/1340967391602216960 # Reference: https://twitter.com/reecdeep/status/1340984037402419202 # Reference: https://twitter.com/bomccss/status/1341000147115786242 # Reference: https://twitter.com/Cryptolaemus1/status/1341093468991610881 # Reference: https://pastebin.com/sBJkarSY # Reference: https://app.any.run/tasks/94605ec6-f1cc-4fcb-8089-411f2e4bc12a/ accordiblehr.com/wp-admin/HdzyEn/ aeropilates.cl/wp-content/Service/ aktuel.marduk.kim/dooxi-fuel-hf09b/Logs/ alshuwail.com/cgi-bin/5/ amartaka.net/az-artifacts-kqlgo/I/ aramisconstruct.ro/wp-admin/uX/ ardenneweb.com/765779o900/re/ assecon.com.br/novoassecon/diagnostics/ azraktours.com/wp-content/NWF9jC/ bekape.co.id/_notes/SIGNUP/ biglaughs.org/smallpotatoes/rRwRzc/ blog.vishou.net/admin/font/ braam.com.br/c/oaA7YWWX/ brand360.vn/bljgz/93U/ cearacultural.com.br/admin/Sys/ cheetahridge.mediadevstaging.com/c/B/ comunicacaovertical.com.br/agencia/MtX/ countsquare.com/standardservices/mnR4/ elemsindikat.com.mk/shadow-vip-2pxdt/Pyh/ enableinfosolutions.com/old/q2V/ fi.bonitastores.com/n/WUGoZ/ friendsofchrist10.com/streamlabs-obs-rarso/SIGNUP/ genzmag.com/ratings/VQ8n/ goldcoastoffice365.com/temp/X/ goldilockstraining.com/wp-includes/bftt/ guojiazui.com/b/y0QnnWbk/ heaventoearth.com/360views/xu/ helionspharmaceutical.com/wp-admin/oXJB/ infosisconsultancy.com/wp-includes/d60/ iog.com.cn/css/Sys/ jarodcharity.org/wp-includes/9ocR/ jeffdahlke.com/css/bg4n3/ josegene.com/theme/gU8/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ lixko.com/wp-includes/VGX/ mateusz1infa.5v.pl/titan-structures-dotzt/Rl555/ megasolucoesti.com/R9KDq0O8w/Microsoft.NET/ 
mobgroup.com.br/wp-content/font/ mrveggy.com/erros/s0/ musickidsprogram.com/wp-includes/2huOL/ nguyenphuchn.com/wp-content/iN/ norailya.com/vendor/1j/ palladium.tdmcdev.co.za/nsw-gold-h4ld3/2d/ parakkunnathtemple.com/bckup/7SDAvi/ paulscomputing.com/CraigsMagicSquare/H/ pellesbar.co.il/wp-content/microsoft/ phasdesign.com/wordpress/MSInfo/ pos-egypt.com/wp-content/xTr/ preparateparaloquevenga.com/predisi-tgl-jlpml/jjvCL/ qualcommmedia.com/wp-includes-old/m4/ resuco.net/wp-content/uploads/2020/12/S0K/ riandutra.com/img/dRWJ5aN5/ schooldz.co/wp-content/v/ siamimplement.co.th/images/System32/ snjwellers.com/wp-includes/esttW/ swallow.tdmcdev.co.za/accident-on-wh7ag/x/ talkischeap.co.za/4-pin-iscru/t7k/ themesgiant.net/wp-content/microsoft/ themoviebazar.com/2007-bmw/Help/ thoitrangtrungnienkim.vn/wife-AND/Help/ unikaryapools.com/wp/Speech/ vilajansen.com.br/loja_old_1/System32/ vod.vishou.net/data/6hCNth/ whytech.info/wp-includes/HceUxFK/ zebaorganics.com/wp-admin/en-US/ # Reference: https://neurosoft.gr/wp-content/uploads/2020/12/Emotet-White-Paper-IOCs.pdf 115.165.3.213:80 123.216.134.52:80 89.2.145.86:80 186.32.90.103:443 27.73.70.219:8080 104.131.103.128:443 85.96.199.93:80 147.91.184.91:80 70.116.143.84:80 118.2.218.1:80 66.65.136.14:80 97.107.135.148:8080 181.126.74.180:80 174.102.48.180:80 153.220.182.49:80 115.135.158.13:80 24.249.135.121:80 180.23.53.200:80 2.84.135.163:80 179.15.102.2:80 41.40.125.237:443 65.111.120.223:80 85.25.207.108:8080 105.185.152.15:80 38.18.235.242:80 51.254.140.91:7080 209.143.35.232:80 85.75.49.113:80 116.202.23.3:8080 94.96.60.191:80 194.166.147.143:80 186.222.250.115:8080 2.85.9.41:8080 187.207.207.16:80 191.97.154.2:80 91.83.93.99:7080 209.54.13.14:80 181.56.32.36:80 186.20.52.237:80 164.160.45.41:8080 14.241.182.160:80 61.118.67.173:80 5.189.168.53:8080 94.49.254.194:80 2.84.12.98:80 51.75.163.68:7080 189.194.58.119:80 221.147.142.214:80 85.59.136.180:8080 67.241.24.163:8080 200.116.93.61:80 70.180.43.7:80 72.10.36.104:8080 
64.183.73.122:80 94.102.209.63:7080 93.151.186.85:80 201.213.156.176:80 24.232.36.99:80 2.58.16.85:7080 91.213.106.100:8080 181.169.235.7:80 223.135.30.189:80 186.109.152.201:80 181.80.129.181:80 109.190.249.106:80 188.40.170.197:80 181.114.114.203:80 181.126.54.234:80 78.101.224.151:80 195.7.12.8:80 169.1.211.133:80 202.4.57.96:80 86.123.55.0:80 182.176.95.147:80 85.214.28.226:8080 41.106.96.12:80 76.121.199.225:80 220.106.127.191:443 104.251.33.179:80 173.212.197.71:8080 82.78.179.117:443 109.169.12.78:80 202.4.58.197:80 82.163.245.38:80 192.187.99.90:8080 209.126.6.222:8080 192.158.216.73:80 178.128.14.92:8080 62.108.54.22:8080 38.111.46.46:8080 67.10.155.92:80 24.135.198.218:80 189.35.44.221:80 5.9.227.244:8080 159.203.116.47:8080 153.92.4.96:8080 190.212.133.239:443 92.23.34.86:80 155.186.9.160:80 60.108.144.104:443 66.228.49.173:8080 46.22.116.163:7080 51.75.33.122:80 105.213.67.88:80 75.188.96.231:80 185.33.0.233:80 197.245.25.228:80 173.68.199.157:80 197.249.6.179:443 187.49.206.134:80 97.104.107.190:80 212.198.71.39:80 181.74.0.251:80 76.171.227.238:80 81.129.198.57:80 179.191.239.255:80 190.117.79.209:80 98.174.164.72:80 187.64.128.197:80 178.238.232.46:443 94.206.45.18:80 175.143.12.123:8080 173.249.6.108:443 105.186.233.33:80 118.110.236.121:8080 202.5.47.71:80 180.21.3.52:80 203.205.28.68:80 199.101.86.142:8080 74.219.172.26:80 108.26.231.214:80 219.75.128.166:80 67.163.161.107:80 89.186.91.200:443 5.196.108.185:8080 99.224.14.125:80 202.22.141.45:80 27.7.14.122:80 45.33.35.74:8080 208.180.207.205:80 153.164.70.236:80 101.50.232.218:80 178.87.171.199:80 80.87.201.221:7080 104.131.92.244:8080 195.181.215.65:4143 185.63.32.149:80 95.85.151.205:80 111.89.241.139:80 153.163.83.106:80 185.232.182.218:80 73.84.105.76:80 1.54.67.22:80 118.7.227.42:443 96.126.101.6:8080 51.38.50.144:8080 145.236.8.174:80 188.166.25.84:8080 76.168.54.203:80 118.70.15.19:8080 213.181.91.224:80 123.51.47.18:80 119.106.216.84:80 72.249.144.95:8080 2.36.95.106:80 116.125.120.88:443 
176.9.93.82:7080 5.153.250.14:8080 93.20.157.143:80 87.98.218.33:7080 104.193.103.61:80 92.24.51.238:80 182.187.139.200:8080 94.124.59.22:8080 149.202.5.139:443 190.151.5.131:443 # Reference: https://pastebin.com/raw/Di0gDrDC 74.128.121.17:80 190.114.254.163:8080 81.213.175.132:80 113.163.216.135:80 58.1.242.115:80 200.111.198.76:80 103.229.72.197:8080 181.165.68.127:80 79.118.72.250:80 195.159.28.244:8080 45.230.45.171:443 37.247.101.241:8080 45.4.32.50:80 190.147.84.191:443 172.245.248.239:8080 27.78.27.110:443 168.121.4.238:80 110.145.11.73:80 5.2.212.254:80 80.15.100.37:80 24.69.65.8:8080 172.125.40.123:80 191.223.36.170:80 72.188.173.74:80 177.254.134.180:80 69.159.11.38:443 136.244.110.184:8080 185.201.9.197:8080 178.62.254.156:8080 186.222.53.247:8080 163.53.204.180:443 47.144.21.37:80 50.246.154.69:80 208.74.26.234:80 180.232.111.30:80 152.170.205.73:80 192.232.229.53:4143 161.0.153.60:80 111.67.12.222:8080 201.127.11.90:8080 188.225.32.231:7080 93.148.247.169:80 108.21.72.56:443 45.184.103.73:80 181.171.209.241:443 70.32.89.105:8080 203.160.167.243:80 1.234.65.61:80 110.39.160.38:443 177.85.167.10:80 115.79.119.206:443 190.146.92.48:80 202.79.24.136:443 144.217.7.207:7080 190.251.216.100:80 51.89.36.180:443 172.104.46.84:8080 110.39.162.2:443 189.191.59.232:443 190.18.184.113:80 122.201.23.45:443 186.146.13.184:443 182.73.7.59:8080 186.146.229.172:80 24.245.65.66:80 # Reference: https://app.any.run/tasks/1a576ee4-6e2c-4bda-abd2-f240731f6066/ 45.33.54.74:443 209.141.41.136:8080 104.236.246.93:8080 # Reference: https://app.any.run/tasks/4c47eb6e-9649-41a2-a405-4cd10a4a25dc/ http://197.87.160.216 laserhuayna.com # Reference: https://www.virustotal.com/gui/file/551910c092733b7324c377351583667a6389e76f8e36f1ee73c82d354f970cbc/detection 50.116.111.59:8080 countsquare.com/standardservices/mnR4/ infosisconsultancy.com/wp-includes/d60/ jpkiselavoda.mk/advertising/Pl1SS/ ko-racingshop.com/account-eu/Y6W/ yourdrugsassist.com # Reference: 
https://twitter.com/Cryptolaemus1/status/1341364879782010883 aciparis.com/content/Cs/ alsaudiacuttingmaster.com/anticalculous/LA/ alshuwail.com/cgi-bin/5/ amyzeng.net/content/mgms/ anjumanclick.com/q/kvM/ aramisconstruct.ro/wp-admin/uX/ atom.lk/wp-content/DL/ bellevueairductcleaning.com/wp-admin/zK/ bienhoacitysq.com/wp-content/xYp/ brand360.vn/bljgz/93U/ dagranitegiare.com/wp-admin/jCH/ datnenduanbd.com/public_html/Dezl7/ dive-hoian.com/_file-manager/sO/ drakoranime.com/wp-admin/rN/ dreamwithdell.com/wp-includes/pX/ duocnhanhoa.com/wp-admin/J5JbVEY/ dupuisacademy.com/projects/media/v/ ecomdemo2.ogsdev.net/wp-content/zWWB/ expeditionquest.com/X/ football-eg.com/web_map/n/ game.vlexor.com/links14/WUSs/ geoffoglemusic.com/wp-admin/x/ greaudstudio.com/docs/FGn/ hbprivileged.com/cgi-bin/kcggF/ imkol.hk/photo_search/3kc/ johnhaydenwrites.com/track_url/P/ koreankidsedu.com/wp-content/2cQTh/ lavenderkart.com/blogs/nZP5c/ legion.com.pk/__MACOSX/pT3h/ localaffordableroofer.com/ralphs-receipt-f2uhf/qTT5DC/ luxuryavenew.com/wp-admin/RIl1/ mundoahorronline.com/wordpress/2S1/ nahlasolimandesigns.com/nahla3/d/ penambahberatbadan.info/r/pXPKwJ/ pinkista.net/wp-includes/B/ pox23.io/wp-content/I/ sageartisan.com/wp-content/1KsvR/ sancydubai.com/setupconfigo/R9/ sanolifescence.com/cgi-bin/E/ suriagrofresh.com/serevers/MVDjI/ talktalkenglish.vn/database/v/ thaithienson.net/wp-admin/EksZXO/ thienloc.org/data-sgp-kgfig/AaK/ venuspowerbd.com/wp-includes/bLm/ vietnhabienhoa.com/wordpress/QUTy/ wellnursesmartnurse.co.za/wp-admin/HFdox/ yellomosquito.com/wp-includes/w/ zenithcampus.com/l/yQ/ zhongshixingchuang.com/wp-admin/OTm/ # Reference: https://www.virustotal.com/gui/file/07954a3e04bf45308251fa489e56c8b119621131ec4617553fc17ae1e98e051b/detection 4kbutsho.xyz chiangmainightsafari.com/wp-admin/lrPiggcI/ freeresellerserver.com jiohosting.xyz # Reference: https://www.virustotal.com/gui/file/dc3f7f19ed2df8acaa0e1a78da4a9a796e88eed1ee2528983c4327eeeed3a619/behavior 
inter-mvietnam.com/wp-content/nxcrv2/ qa-home.com/dlkc3/f0x0011/ # Reference: https://twitter.com/Cryptolaemus1/status/1343627325607469057 # Reference: https://twitter.com/Cryptolaemus1/status/1343660665140084744 # Reference: https://twitter.com/Cryptolaemus1/status/1343665050423353345 # Reference: https://twitter.com/Cryptolaemus1/status/1343678997339766784 # Reference: https://twitter.com/Cryptolaemus1/status/1343697973176389633 # Reference: https://twitter.com/Cryptolaemus1/status/1343822792505102336 # Reference: https://twitter.com/Cryptolaemus1/status/1343845723348021249 http://206.189.146.42/wp-admin/F0xAutoConfig/XR9/ aaskuu.com/ALFA_DATA/97Z/ alabamaballdrop.com/wp-includes/kef1U/ alsaudiacuttingmaster.com/afterpiece/cH/ andeanreach.com//MSInfo/ batdongsanvip.com.vn/wp-content/jHkl/ beidou.run/Acoemeti/VGX/ bharattimeslive.com/wp-content/Jm2pO/ cashyinvestment.org/wp-content/IH/ coastlinepoolspa.com/wp-content/S88uK/ codsambal.com/wp-admin/6NEEEtf/ dr-yasser.com/wordpress/JNS/ dupuisacademy.com/projects/media/Me6bB/ gacetaeditorial.com/p/TYkn/ gjorgji.com/1v1lol-unblocked/JRuP/ harmonimedia.com/wp-content/uploads/Zol/ helionspharmaceutical.com/wp-admin/Yg/ hmhaliyikama.com/site_map/SpeechEngines/ kolerkar.com/wp-snapshots/aRfdr7HT1/ lainiotisllc.com/postauth/7XhB/ lnfch.com/wp-includes/quC/ memoria.od.ua/wp-admin/GbLB2/ modernortodonti.com/thankyou1/QE5y6jiy/ mumglobal.com/content/Z/ nahlasolimandesigns.com/wp-admin/0HHK7/ ncap.lbatechnologies.com/media/6iQ/ norailya.com/drupal/Stationery/ onevoice.co.in/best-selling-wcc/d3/ paroissesaintabraham.com/wp-admin/H/ penambahberatbadan.info/x/inf/ phasdesign.com/wordpress/G/ praticideas.net/wp-content/inf/ qualcommmedia.com/wp-includes-old/rW1/ savedahorses.org/wp-content/xH/ scope-sci.org/kahoot-bot-tj6t0/22/ secretmassageclub.co.uk/wp-includes/inf/ sevensteel.com.tr/wp-content/syi4964/ siitav.net/cuim/data/2/ sistempark.net/wp-includes/7AP/ theo.digital/wp-admin/E/ tillmoon.lt/wp-includes/P/ 
tools.apecsoft.asia/application/O/ tudatosmarketing.hu/wp-includes/EWiggLh/ turbo-services.com/C:/hE1eMB/ worldcologistics.co.za/wp-includes/BVO1P/ xiaowo.ltd/wp-content/g/ # Reference: https://twitter.com/malware_traffic/status/1343630789683118081 190.210.246.253:80 46.101.230.194:443 karsonhomecare.com/wp-includes/Yo/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 freejobalertcom.xyz/wp-admin/858/ jarininternational.com/wp-includes/k8buV/ juju.jebcom.de/errordocs/I0K/ lapcare.com/wp-content/o2BwO/ multitools.gr/wp-content/zo/ sinclair-electrical.com/wp-includes/LmhG/ vissermalin.com/wp-content/vQ5/ # Reference: https://twitter.com/Cryptolaemus1/status/1344007302014238720 achutamanasa.com/garmin-pro-fei8o/mW/ fmcav.com/images/7FV4Nd/ geoffoglemusic.com/wp-admin/7C11oAC/ geosrt.com/aqqhwdap/l0/ johnloveskim.com/a/Tff/ removepctrojan.com/wp-admin/ak0chH/ theprajinshee.com/otherfiles/wAFP/ # Reference: https://twitter.com/Cryptolaemus1/status/1343954297512468482 alrlawsv.com/explain-functions-kuubxdu/4LAy/ arefhasan.com/wp-admin/z/ bidwincash.com/wp-admin/8NUY/ messenger-courier.com/content/Service/ psishops.com/wp-admin/MSInfo/ redmanns-way.com/jeff-intervention-txqikkf/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343972777041272833 91damimi.com/wp-admin/V/ athenaat.com/content/MSInfo/ fraud.bpcbankingtech.com/wp-content/Logs/ nichimanabi.com/wp-content/en-US/ shop.schlachtstall.de/wp-content/microsoft/ sturing.info/thumbnails/Engines/ # Reference: https://twitter.com/Cryptolaemus1/status/1343911941140606977 cahyaproperty.bbtbatam.com/mhD/ coshou.com/wp-admin/EM/ depannage-vehicule-maroc.com/wp-admin/c/ dieuhoaxanh.vn/wp-admin/a/ familylifetruth.com/cgi-bin/PPq7/ techworldo.com/cgi-bin/gcZ/ todoensaludips.com/wp-includes/9/ # Reference: https://twitter.com/Cryptolaemus1/status/1344019961803628545 dynamicsteels.com/can-you-lpy7p/MaJIcT/ lixko.com/wp-includes/LEq9VJd/ members.nlbformula.com/cgi-bin/vazlwkU/ 
srishtiherbs.com/jms/bq8/ surfboarddigital.com/carol-stream-i7lsj/8e/ unikaryapools.com/wp/ysFiRq1 zhongshixingchuang.com/wp-admin/N2X3/ # Reference: https://twitter.com/Cryptolaemus1/status/1344025733874782208 adnlight.com/v/Q/ nicoblogroms.com/wp-includes/IZj/ shortnr.xyz/wp-content/zBgK/ taylordbackups.com/wp-includes/Dfp/ thexanhmy.com/chCounter/t/ valenciancountry.com/wp-includes/kppS/ vicharemasala.com/wp-admin/1pXep/ # Reference: https://twitter.com/Cryptolaemus1/status/1344032119996248064 fundglobally.org/googleLib/7on/ heartssetfree.org/9c950e/tw/ kiralikbahissitesii.com/wp-admin/A/ mt4-ea.vip/sys-cache/bAAN/ paulscomputing.com/CraigsMagicSquare/csrJgJZ/ talentztech.com/histioid/X3/ tecshop.website/wp-includes/kZK/ # Reference: https://twitter.com/Cryptolaemus1/status/1344034210823208962 amarguwahati.com/wp-includes/bx7PZR/ dorotheesausset.com/wp-content/Sys/ events.ileafconnects.com/cgi-bin/System_32/ looksociety.org/membership-mail/bb0EIUyTb/ muahangvietmy.com/wp-admin/css/colors/light/Help/ thedesirelife.com/wp-content/Microsoft.NET/ # Reference: https://twitter.com/SecSome/status/1344041101871755276 # Reference: https://app.any.run/tasks/c67ce985-eaae-41d9-9a4c-4af5cfe12906/ http://191.112.178.60 http://24.231.88.85 ongpassoapasso.com.br/r/1IYaxeIKDTISrYMpRRWckdwE7/ # Reference: https://twitter.com/Cryptolaemus1/status/1344182362486222848 appliancebuddy.in/wp-includes/m7R/ rogerbaulenas.com/j/Z96X/ rossdom32.ru/t/wSF/ sasksseed.mymonolith.com/wp-admin/xb/ taradhuay.com/c/4/ thetradepad.co.uk/test/w/ vidular.es/wp-content/K3zbi/ # Reference: https://twitter.com/Cryptolaemus1/status/1344190890898821121 atprofessional.org/wp-content/O6Vey/ iut-bethune.univ-artois.fr/benefits-of-hhnzoet/T/ mypostletter.com/wp-admin/G3/ skyeconsultoria.com.br/wp-admin/co/ talentvalue.com/wp-admin/DEoUM/ trueapparels.com/a/4k/ xportfreight.com/wp-content/c/ # Reference: https://twitter.com/Cryptolaemus1/status/1344200712851509248 astrologiaexistencial.com/l/L/ 
bandarabbad.com/wp-admin/Lo5kEa/ bereketsutesisatcisi.com/wp-content/xhGs43c/ myphamjapan.com/dup-installer/db/ ngrehab.biz/wp-includes/TCWeeN/ sahla-ad.com/wp-content/a/ swiftlogisticseg.com/wp-admin/VE9h0jj/ # Reference: https://twitter.com/Cryptolaemus1/status/1344205847778488320 artas.biz/c/System/ ausutra.com/wp-admin/Logs/ institutmestres.com/wp-includes/n7Fl9WDm/ noithatcongnghieptantien.com/wp-content/Fonts/ sislog.es/wp-admin/MSInfo/ spmkomputer.com/kasir/diagnostics/ # Reference: https://twitter.com/Cryptolaemus1/status/1344226198252093441 alkamefood.com/y/P/ goldenboyatl.com/img/Ls0/ pom-poo.hk/wp-admin/EFo4q/ shopchailo.com/wp-content/bsQN/ studentloananalyzer.com/wp-admin/2aPL/ vasumadhi.com/cgi-bin/L1DCI/ veertua.com/wp-content/HE/ # Reference: https://twitter.com/Cryptolaemus1/status/1344273969067794432 blogs.g2gtechnologies.com/blogs/v/ insvat.com/wp-admin/Dw/ littleindiadirectory.com/l/TOYuT/ pattayastore.com/visio-network-1hmpp/j5/ rsimadinah.com/wp-content/16qT/ sureoptimize.com/well-known/QsEs/ tenmoney.business/wp-content/nhW/ # Reference: https://twitter.com/Cryptolaemus1/status/1344354848876220416 ellinismos1922.gr/log/c99FG/ linkejet.com.br/cgi-bin/UQ/ mediatorstewart.com/service-msc/3zZLr/ nuocmambamuoi.vn/wp-admin/Ty/ wi360.com/wp-content/u/ wolffsachs.com/wp-content/UKZw/ ycspreview.com/shubham/h7qna/ # Reference: https://twitter.com/K_N1kolenko/status/1344588192117305344 catchpoolshetlands.co.uk/border-design-fjk/ohTJ/ demondkapjesman.nl/cgi-bin/4EbMS/ freelancero.nl/wp-content/3r2/ homegym.vn/stillicide/z/ malerei-wiesner.de/wp-includes/2ww4/ sbninspections.com/wp-content/Y71zQ/ wcpaherrin.net/q/jg/ # Reference: https://twitter.com/K_N1kolenko/status/1344598909453283329 http://18.179.187.145/licenses/Sys/ luoyb.com/wp-includes/rUhBVqXWAV/ malaysianscoop.com/img/MSInfo/ office.horussolution.com/files/Help/ somatone.atakdev.com/plesk-stat/Stationery/ uk-bet.com/wp-content/Media/ # Reference: 
https://twitter.com/malware_traffic/status/1344329625162407937 89.163.210.141:8080 # Reference: https://twitter.com/abel1ma/status/1344416924382285824 gadgetscs.com/y/LRaS1Fw/ trytuc.com/well-known/Triedit/ # Reference: https://twitter.com/Cryptolaemus1/status/1346138696769302529 admintk.com/wp-admin/L/ etkindedektiflik.com/pcie-speed/Engines/ freelancerwebdesignerhyderabad.com/cgi-bin/S/ hintup.com.br/wp-content/dE/ holonchile.cl/cgi-bin/font/ indemnity360.com/nsw-highways-yqgdk/Sys/ mikegeerinck.com/c/YYsa/ norailya.com/drupal/n0uJoiR/ praticideas.net/wp-content/en-US/ stmarouns.nsw.edu.au/paypal/b8G/ ummahstars.com/app_old_may_2018/assets/Help/ wm.mcdevelop.net/content/6F2gd/ # Reference: https://twitter.com/Cryptolaemus1/status/1346191933329313797 anakhita.com/wordpress/Pt/ etbnaman.com/wp-admin/V0Sv/ ezdesigns.net/ALFA_DATA/h/ labasedespatriotes.net/wp-content/tGjE/ menol.eu/wp/mT/ spovahealth.com/z/Vb/ youyouwj.com/b/HW/ # Reference: https://twitter.com/Cryptolaemus1/status/1346198468918976514 dayimachine.com/automator-mouse-xoq9e/aY9/ doctorww.com/22-hp-ak4yp/LRWLZ2/ elaheanahita.org/a/sbzLscs/ ibelieveonline.org/wp-content/FvSP7/ mt4-ea.vip/sys-cache/62y7sA/ ultimatesoftwarenet.com/wp-content/6rXDH9/ whytech.info/wp-includes/oa/ # Reference: https://twitter.com/Cryptolaemus1/status/1346234313843613702 assecon.com.br/novosite/0fgb09/ blog.luozhou.xyz/wp-includes/en-US/ greensync.com.br/bloqueio/SIGNUP/ helionspharmaceutical.com/wp-admin/Fonts/ moraniz.co.il/wp-content/inf/ salas.co.uk/phyllis/Systems/ # Reference: https://twitter.com/Cryptolaemus1/status/1346241673446248450 app.e-paylinks.com/cgi-bin/GBbzq/ benzatine.com/wp-admin/vafW4/ bikemyday.se/wp-includes/gxz9/ cdhrsom.org/wp-admin/Z/ smartgrocerysl.com/content/dLM/ thekays.ca/wp-includes/h/ thinkbrief.cn/wp-includes/i/ # Reference: https://app.any.run/tasks/e05cfe35-fac0-41c5-aa2a-475d7af96998/ http://125.0.215.60 # Reference: https://twitter.com/bomccss/status/1346362798482227200 
givingthanksdaily.com/qlE/VeF/ petafilm.com/wp-admin/4m/ # Reference: https://twitter.com/Cryptolaemus1/status/1346415035204177923 img.oipeirates.pro/wp-includes/inf/ mojwear.de/wp-includes/x907s3BY/ nicoblogroms.com/reviews-of-rcbim/QBaTch/ omnitech.asia/pressthisl/System32/ taradhuay.com/c/vrODk/ teelekded.com/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1346430545174142977 comunicacaovertical.com.br/agencia/D0sJl/ datawyse.net/5VGI0/ fathekarim.com/images/jiC/ radioclype.scola.ac-paris.fr/wp-admin/js/widgets/6S transfersuvan.com/wp-admin/1114R/ trumpcommunity.com/usa-no-uykjh/wcS/ upafrique.com/cgi-bin/iFmg/ # Reference: https://twitter.com/Cryptolaemus1/status/1346436857257574400 campusexpo.org/department-of-odhmmkd/95eXZY/ khanhhoahomnay.net/wordpress/CGMC/ sgurztac.wtchevalier.com/wp-content/YzZ6YZ/ shop.elemenslide.com/wp-content/n/ sofsuite.com/wp-includes/2jm3nIk/ veterinariadrpopui.com/content/5f18Q/ wpsapk.com/wp-admin/v/ # Reference: https://twitter.com/neutrify/status/1346468155879612429 fnjbq.com/wp-includes/rlR/ sakhisuhaninarijeevika.com/wp-includes/CvGUjvE/ somanap.com/wp-admin/P/ wap.zhonglisc.com/wp-includes/QryCB/ zieflix.teleskopstore.com/cgi-bin/Gt3S/ # Reference: https://twitter.com/Cryptolaemus1/status/1346490798142083074 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1346536935989391362 astrologiaexistencial.com/l/4bm8/ dirgantaratuba.com/cgi-bin/PX4K/ mail.ninosindigochile.cl/1989-gmc-oq21w/ZVTCY/ mirvalgroup.com/wp-includes/FOeYo/ unimedunihealth.com/wp-includes/E/ walkerswebshop.com/images/O7/ wp.gensoukyou.org/souzinv_old/1a/ # Reference: https://twitter.com/Cryptolaemus1/status/1346556090050375680 789hosteley.com/content/NZrE/ exitocorp.com/content/0ygHR/ hss.mamoni.info/content/b/ kongjiantang.com/s/It1c/ 
phonghoinghi.com/wp-admin/TkBD/ theloveiskindnetwork.com/wp-includes/V/ ushomestyle.com/wp-content/gfhX/ # Reference: https://twitter.com/BushidoToken/status/1346440874759172096 inspired-automotive.co.uk/wp-content.BAK_2020-05-13/w1XXLqtnEj7nijbg1qOGmIDzwcRH/ # Reference: https://paste.cryptolaemus.com/emotet/2021/01/04/emotet-malware-IoCs_01-04-21.html 165.22.246.219:8080 49.205.182.134:80 167.71.4.0:8080 190.162.232.138:80 203.157.152.9:7080 95.76.153.115:80 90.160.138.175:80 178.152.87.96:80 186.147.237.3:8080 173.249.20.233:443 110.172.180.180:8080 186.96.170.61:80 85.247.144.202:80 125.0.215.60:80 89.106.251.163:80 24.231.88.85:80 197.211.245.21:80 97.120.3.198:80 172.193.14.201:80 88.247.30.64:80 190.136.176.89:80 162.144.212.120:8080 167.71.148.58:443 5.83.32.101:80 78.189.148.42:80 103.124.152.221:80 70.183.211.3:80 31.27.59.105:80 82.48.39.246:80 82.208.146.142:7080 113.161.176.235:80 181.124.51.88:80 154.0.8.2:443 191.241.233.198:80 78.188.225.105:80 211.215.18.93:8080 189.34.18.252:8080 70.92.118.112:80 139.5.101.203:80 75.188.107.174:80 173.70.61.180:80 75.177.207.146:80 66.57.108.14:443 190.247.139.101:80 93.146.48.84:80 74.222.117.42:80 189.211.214.19:443 201.212.201.127:8080 201.143.224.27:80 24.230.124.78:80 180.52.66.193:80 188.165.214.98:8080 47.150.238.196:80 98.109.133.80:80 84.5.104.93:80 138.197.99.250:8080 157.245.145.87:443 152.170.79.100:80 114.158.126.84:80 167.99.105.11:8080 181.136.190.86:80 2.80.112.146:80 201.75.62.86:80 93.149.120.214:80 84.232.252.202:443 5.2.136.90:80 75.109.111.18:80 59.21.235.119:80 201.193.160.196:80 157.245.123.197:8080 # Reference: https://www.virustotal.com/gui/file/d0e180cf891b1138e9fa24f47885ec8e9b936a2c1f757f868e7063baf2f27e02/detection http://54.36.185.63 # Reference: https://www.virustotal.com/gui/file/9271631901e43b43d23922acec11166070e3ef673ef6e60e1c0fb9eafca14a16/detection etkindedektiflik.com mantaspesadas.com newtabletmall.com ozonerenovaters.co.za sezard.com zakariabek.com # Reference: 
https://twitter.com/Cryptolaemus1/status/1349016166916911107 capturetheaction.com.au/wp-includes/Yjp/ mmo.martinpollock.co.uk/a/SQSGg/ mybusinessevent.com/tiki-install/e/ shulovbaazar.com/c/bcL6/ thenetworker.ca/comment/8N4/ trayonlinegh.com/cgi-bin/HBPR/ uhk.cncranes.com/ErrorPages/3/ # Reference: https://twitter.com/Cryptolaemus1/status/1349059123753742337 agricampeggiocortecomotto.it/wp-admin/s7p1/ avadnansahin.com/wp-includes/w/ hellas-darmstadt.de/cgi-bin/ZSoo/ remediis.com/t/gm2X/ riparazioni-radiotv.com/softaculous/DZz/ solicon.us/allam-cycle-1c4gn/f5z/ starlingtechs.com/GNM/ # Reference: https://twitter.com/Cryptolaemus1/status/1349088418442186758 abdindash.xyz/b/Yonhx/ altcomconstruction.com/wp-includes/or7/ baselinealameda.com/j/uoB/ cavallarigutters.com/samsung-chromebook-etswp/Wdeiub/ craku.tech/h/iXbreOs/ nicoblogroms.com/c/V9w0b5/ taradhuay.com/d/oT5uG/ # Reference: https://twitter.com/malware_traffic/status/1349100952649953283 http://161.49.84.2 angel2gether.de/BlutEngel/SpeechEngines/ # Reference: https://twitter.com/Cryptolaemus1/status/1349295458607394817 3d.unicorp.site/js/A1ew/ 3d.unicorp.site/js/GzVpMLaH/ christinewalker.org/wp-admin/Xt9SNHtExU/ huzurdugunsalonu.com/wp-content/Speech/ personal.unicorp.site/lang/System_32/ tmsvinhphuc.com/wp-content/SpeechEngines/ # Reference: https://twitter.com/VirITeXplorer/status/1349316114636017664 ancorals.com/aminophenol/Stationery/ eco-mykolaiv.info/f/debug/ ehteknology.com/wp-includes/en-US/ imedu.org/u/cV/ omarisouza.com/cgi-bin/Systems/ smartintelligentsolutions.com/content/microsoft/ # Reference: https://twitter.com/Cryptolaemus1/status/1349344528214466561 aryasamajmandirkanpur.com/cgi-bin/VcJK/ equipamentosmix.com/1/TRM/ lapiramideopticas.com/tesla-powerwall-ok3h2/kmJ/ lezz-etci.com/wp-content/mXxP/ music.mnahid.com/wp-admin/kCGrt8/ transfersuvan.com/wp-admin/yhUw0GU/ vedavacademy.com/wp-admin/7BHbH/ # Reference: https://twitter.com/Cryptolaemus1/status/1349365544185696259 
abbc.tv/wp-content/Triedit/ asafina.co/wp-content/G3GLLO/ bluepassgt.com/von-weise-ludzp/DNNXcQcRTT/ globalruraldevelopmentagency.co.za/cgi-bin/inf/ larissarobles.com/wp-admin/SIGNUP/ trioconcuerda.es/cgi-bin/Services/ # Reference: https://twitter.com/Cryptolaemus1/status/1349368462397878272 cs.lcxxny.com/wp-includes/E3U8nn/ datawyse.net/0X3QY/ givingthanksdaily.com/CP/ ketorecipesfit.com/wp-admin/afanv/ makiyazhdoma.ru/blocked/tgEeW8M/ mertelofis.com/wp-content/As0/ trustseal.enamad.ir.redshopfa.com/admit/wJJvvG/ # Reference: https://www.virustotal.com/gui/file/6a493e8b5ff18bfa985491dff440f85ab81458e502477a4163d174b2f068d2a0/detection http://50.116.111.59 # Reference: https://twitter.com/Cryptolaemus1/status/1349434485213958148 adres-ug.ru/wp-admin/IItD/ ats-tx.com/old/f1X/ avanttipisos.com.br/catalogo-virtual/U/ bhar.com.br/elementos/MQfB/ mpeakecreations.co.za/cgi-bin/vVk1rw/ smkbudiagung.com/wp-content/VoPg04/ theraven.pk/overwolf-r6-vdace/UH4fL/ # Reference: https://www.virustotal.com/gui/file/5914d2b73a12434f181aecde03e27c755c5b3d9d87827381a5ac6cc6d1eeb72b/detection http://194.36.190.41 # Reference: https://www.virustotal.com/gui/file/b09074b0d262c73c66430e4e968ebee0cb946881c69d7b7fd8bc9130a1731482/detection californiaasa.com/californiaasa.com/8t/ dakarbuzz.net/css/CyKg/ djraisor.com/error/w7G3/ kharazmischl.com/w/ prestokitchens.com/recurringo/fRe/ viralbrown.com/e3c0ngfjc/N/ # Reference: https://otx.alienvault.com/pulse/600427f0c6a16dad430cdf71 taskok.com uudama.com uudati.com uuwise.com # Reference: https://www.virustotal.com/gui/file/885241694043444e59ddc1473d1d76cf05868569e8afe89d72757ca3178a006e/detection akybron.hu/wordpress/Triedit/ holonchile.cl/cgi-bin/System32/ members.nlbformula.com/cgi-bin/Microsoft.NET/ c210109.itourlife.top top-grandwinners.life # Reference: https://tria.ge/210120-dx7gmz813a calledtochange.org/CalledtoChange/8huSOd/ hbprivileged.com/cgi-bin/Qg/ mrveggy.com/wp-admin/n/ norailya.com/drupal/retAl/ riandutra.com/email/AfhE8z0/ 
teelekded.com/cgi-bin/LPo/ ummahstars.com/app_old_may_2018/assets/wDL8x/ # Reference: https://twitter.com/Cryptolaemus1/status/1351848817621139456 avz-pr.com/wp-includes/hJ/
# NOTE(review): the next path contains "httphttp", which looks like a defang-reversal artefact; verify it against the referenced post, since a garbled trail will not match
cawada.com/wp-content/7httphttpUz0/ hilmagym.com/alden-s-ylxyau/Rljs3s/ sundargarhmirror.com/wp-content/sRu7KK/ surveycanada.xyz/wp-content/0sDDTy/ ultimatesoftwarenet.com/wp-content/upB/ yurdumaku.com/blogs/zQAwwA/ # Reference: https://twitter.com/Cryptolaemus1/status/1351849334443307010 edge-tech.uk/flacon/61RO7/ gmthearingsolution.com/cgi-bin/lrZkqL/ istanbulhaliyikamacim.com/content/I9Ogfopdi7/ ordertaker.jakagroup.com/2f77k7i6/E/ solicwebaps.azurewebsites.net/allam-cycle-1c4gn/KLBX/ taradhuay.com/d/It4Iwlo/ # Reference: https://twitter.com/Cryptolaemus1/status/1351849087428079617 achutamanasa.com/media/Te/ cashyinvestment.org/wp-content/21dIZ/ infoquick.co.uk/assets/h/ merkadito.mx/upload/6/ oftalmovilaplana.com/wp-includes/wfKu/ opticaquilin.cl/wp-includes/FFueL/ vilajansen.com.br/loja_old_1/p/ # Reference: https://twitter.com/Cryptolaemus1/status/1351863522184097794 buyitnowtoday.net/wp-admin/KI0K/ canadabrightway.com/wp-admin/n3 cometarabian.com/wp-includes/zFY6U/ convictionfitness.webdmcsolutions.com/wp-admin/gUb/ hbprivileged.com/cgi-bin/Qg/ intellisavvy.com/wp-admin/dRaG2H/ ketoresetme.com/wp-content/Rk4rz/ mrveggy.com/wp-admin/n/ perrasmoore.ca/wp-admin/rM6HK re2me.xyz/opt/Ds/ senbiaojita.com/wp-admin/iDlsc/ starkmotorracing.com/unhairer/nzFKm/ stormhansen.com/2556460492/if/ teelekded.com/cgi-bin/LPo/ thelambertagency.com/staging/Vo/ theo.digital/wp-admin/Zyl2/ trainwithconviction.com/wp-admin/y trainwithconviction.webdmcsolutions.com/wp-admin/rEEEU ummahstars.com/app_old_may_2018/assets/wDL8x/ upinsmokebatonrouge.com/var/Ux1V/ vassanaservices.com/TEST/V3/ # Reference: https://twitter.com/Cryptolaemus1/status/1351885794164822017 perrasmoore.ca/wp-admin/rM6HK/ # Reference: https://www.virustotal.com/gui/file/7a60e4259e05ae1b9f2879df13341ca27217d4aa9bbb542397ad1a96fa1dd581/detection 
# Reference: https://www.virustotal.com/gui/file/19ef1edfd5cbfb556945f30eddf23f1f707ec9de5959167e0863c0abf201f12b/detection 145.249.106.34:80 # Reference: https://tria.ge/210120-5ah1kwq3l6 115.21.224.117:80 12.175.220.98:80 162.241.204.233:8080 180.222.161.85:80 190.103.228.24:80 190.251.200.206:80 69.49.88.46:80 75.113.193.72:80 78.182.254.231:80 # Reference: https://twitter.com/Cryptolaemus1/status/1351923396083257344 # Reference: https://app.any.run/tasks/b2f93211-2c05-4062-a53b-968ab80dcd8c/ apsolution.work/magneti-marelli-zkkmb/toq7Eiy/ artistascitizen.com/wp-content/Bx3cr6/ careercoachconnection.com/tenderometer/4K/ happycheftv.com/wp-admin/z6uGcbY/ ombchardin.com/archive/V/ tacademicos.com/content/JbF68i/ zhongsijiacheng.com/wp-content/jn5/ # Reference: https://twitter.com/bomccss/status/1351835536390975490 ordertaker.jakagroup.com/2f77k7i6/E/ # Reference: https://twitter.com/Cryptolaemus1/status/1351950866811645955 abyssos.eu/wp-content/p/ bambathamobileloans.co.za/cgi-bin/X/ blog.tqdesign.vn/banner/uW/ buarf.com/vcds-throttle-w4z41/pqqn/ gieoduyen.vn/css/PxmtB/ vataas.com/3325390551/5W/ # Reference: https://twitter.com/Cryptolaemus1/status/1351994772433625088 abdo-alyemeni.com/wp-admin/seG6/ bardiastore.com/wp-admin/A1283/ dryaquelingrdo.com/wp-content/SI/ fabulousstylz.net/248152296/TpI/ giteslacolombiere.com/wp-admin/FV/ oxycode.net/wp-admin/x/ trendmoversdubai.com/cgi-bin/B73/ # Reference: https://twitter.com/Cryptolaemus1/status/1351992254177681410 cirteklink.com/F0xAutoConfig/1Zb4/ covisiononeness.org/new/F9v/ lionrockbatteries.com/wp-snapshots/C/ nimbledesign.miami/wp-admin/C/ oshiscafe.com/wp-admin/5Dm/ schmuckfeder.net/reference/ubpV/ xunhong.net/sys-cache/D0/ # Reference: https://twitter.com/Cryptolaemus1/status/1352006666263420928 academiaprogreso.com/cgi-bin/Z5/ casinos-hub.com/s/ZQhDyLF/ deoditas.com/n/FUEyoG/ mts2019-002-site9.gtempurl.com/wp-content/E/ newtop.one/responsives/z/ ocean4gamers.com/wp-content/GAuYf/ 
yahyalisayam.com/sys-cache/tAsw/ # Reference: https://twitter.com/K_N1kolenko/status/1352155154003480576 aqnym.top/wp-login/9ZvtYaLyhg/ bestcartdeal.com/wp-content/U12BbGPx2v/ chenqiaorong007.com/wp-content/inh1Q4eFMT/ hredoybangladesh.com/3948708181/l7/ qingniatouzi.com/wp-includes/Z4TFME0/ washcolsc.com/wp-admin/gRIWZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352199988084944896 bikemyday.se/wp-includes/FdM/ bookkeepingdoctor.co.uk/s/1EU/ deshbangla71news.com/wp-content/5M/ lubdeco.com/rocketlike/1IqoSgDG/ peritidiparte.org/administrator/XSboAD33/ vallerconstrutora.com.br/wp-content/uploads/vDIi0eYzz/ # Reference: https://pastebin.com/raw/aStRxhMw 143.0.85.206:7080 181.10.46.92:80 2.58.16.88:8080 200.75.39.254:80 201.185.69.28:443 206.189.232.2:8080 83.144.109.70:80 91.233.197.70:80 93.146.143.191:80 93.149.120.214:80 94.176.234.118:443 95.76.153.115:80 # Reference: https://urlhaus.abuse.ch/url/973026/ nhipcauytevietnhat.com/efficiency-all-iuehb/BJug3jyhuyilWhCQs3YksSaqQW7tpyvmYpb91wTZdbluIo1EKoPE5VrBbcx8zHDAR9YT/ # Reference: https://twitter.com/Cryptolaemus1/status/1352559200271028227 # Reference: https://twitter.com/Cryptolaemus1/status/1352559411135467527 cashstreamfinancial.com/wp-admin/23/ e-medglobal.com/wp-content/ludqf/ ecobaby.es/assets/MZIHkwyre/ elsadinc.com/wp-content/B/ inhaustyle.com/wp-admin/7OtP5/ jlzs.kuamn.com/a/B3Snr8A/ jolifm.com/new/5hkc3/ o7therapy.com/egyptian-comedy-hiiro/As0/ signinsolution.com/wp-content/Vr0/ technologydistilled.com/a-nurse-ss8d9/z/ wangke9.com/wp-includes/dCmiSx8y/ wp01.devanshp.com/sys-cache/8vejbVDx/ wz760.com/wp-admin/b/ # Reference: https://twitter.com/Cryptolaemus1/status/1352558882867081219 # Reference: https://twitter.com/VirITeXplorer/status/1352557164158738433 91yudao.com/wp-admin/KKHt1/ fifacoinsbox.com/wp-content/7gYt/ laymancoder.com/rustic-decor-1gbad/Us/ rbdck.com/wp-content/uploads/sucuri/lewfK/ seamart.info/alfacgiapi/q92A/ uagritech.com/cgi-bin/a5G/ 
yourcleanersurfaces.com/four-monks-acasz/O2my/ # Reference: https://twitter.com/Cryptolaemus1/status/1352581752385122310 admin.toppermaterial.com/js/jGcwS/ fultonandassociates.com/administrator/IUHeit/ notebook03.com/templates/G2Ay/ pcsaha.com/wp-content/fG1tM/ rosvt.com/img/9h1Q/ skver.net/benjamin-moore-xha9o/t/ zippywaytest.toppermaterial.com/wp-admin/wwbJ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352595532074643463 alugrama.com.mx/t/2/ armakonarms.com/wp-includes/fz/ bbjugueteria.com/s6kscx/Z/ bimception.com/wp-admin/sHy5t/ coworkingplus.es/wp-admin/FxmME/ homecass.com/wp-content/iF/ silkonbusiness.matrixinfotechsolution.com/js/q26/ # Reference: https://twitter.com/Cryptolaemus1/status/1352631537007734790 fab5associates.com/include/scIM/ ie-best.com/msm8909-custom-bgts5/eos6t3H/ iebest.online/1997-chevy-aiz00/RFrTE68/ iebest.org/hoefler-bold-zify4/ia/ originpart.com/wp-content/acStl/ singleworld-online.com/img/DeeAt/ slowdtech.net/shop/wLZ4yw/ # Reference: https://twitter.com/Cryptolaemus1/status/1352643524404117505 e-wdesign.eu/wood-stove-x7iww/R1SMs1v/ micronews.eu/crankshaft-pulley-i5aio/Tlp/ ofert-al.com/wp-content/t9hVViBde/ relatedgrouptest.com/OurTime/culeTFa3v/ schmuckfedern.info/reference/0HlBBg8/ transal.eu/netgear-wifi-qzvv4/1j7XZ/ # Reference: https://twitter.com/Cryptolaemus1/status/1352700749164269568 boomarketer.com/wp-content/6/ crooks-taylor.com/1676470973/1/ lvnskin.com/h/IB/ nadysa.com/wp-content/Almet/ rabiei.fun/eidl-reconsideration-bs3lu/feoOiAO/ rex.tasmiragroup.com/wp-includes/un6G/ whitetheme.xyz/wp-content/q8H/ # Reference: https://twitter.com/Cryptolaemus1/status/1352724228106280960 bhaktivrind.com/cgi-bin/JBbb8/ cab.mykfn.com/admin/X/ cambiasuhistoria.growlab.es/wp-content/hGhY2/ gocphongthe.com/wp-content/lMMC/ ie-best.net/online-timer-kvhxz/ilXL/ letscompareonline.com/de.letscompareonline.com/wYd/ vanddnabhargave.com/asset/W9o/ # Reference: https://twitter.com/Cryptolaemus1/status/1353666901780688900 
aecotimes.com/wp-admin/44Z/ de.letscompareonline.com/cgi-bin/ztEE/ escalierconsulting.com/wp-includes/I/ haumaguerraevoceoalvo.com.br/wp-includes/0Hm/ paulomarciotrp.com/z/y/ rakikuma.com/cgi-bin/K/ snjyp.com/wp-content/Nz/1/ # Reference: https://twitter.com/Cryptolaemus1/status/1353658459376517121 3musketeersent.net/wp-includes/TUgD/ dashudance.com/thinkphp/dgs7Jm9/ jeevanlic.com/wp-content/r8M/ leopardcranes.com/zynq-linux-yaayf/w/ mmrincs.com/eternal-duelist-9cuqv/jxGQj/ shannared.com/content/lhALeS/ skilmu.com/wp-admin/hQVlB8b/ # Reference: https://twitter.com/Cryptolaemus1/status/1353642498288201728 e-wdesign.eu/wp-content/bn1IgDejh/ jflmktg.wpcomstaging.com/wp-content/AK/ linhkienmaytinh.tctedu.com/wp-snapshots/VzJM/ nightlifemumbai.club/x/0wBD3/ shop.nowfal.dev/wp-includes/RlMObf2j0/ traumfrauen-ukraine.de/bin/JyeS/ # Reference: https://twitter.com/sugimu_sec/status/1354337747037679619 80.158.59.174:8080 80.158.43.136:80 80.158.3.161:443 80.158.51.209:8080 80.158.35.51:80 80.158.63.78:443 80.158.53.167:80 80.158.62.194:443 # Reference: https://www.virustotal.com/gui/file/d2fa81e487727af7c92cb170cfd73dcd9c600c4599cfe59c8021744c075064ee/detection 190.182.161.7:8080 # Reference: https://otx.alienvault.com/indicator/file/9fddb3ab17c46feb665101b7893f793f2b3465f5eac30bd4d442b52a8d60448b/ alptitude.com/wp-admin/2ygiz6a0574/ dev.petracapital.com/shared/web/f794/ healthylivingclinique.com/yzvd2ss/nj9ro6k881/ staging.thenaturallifestyles.com/wnty/98c971/ # Reference: https://tria.ge/201025-mn36398aqs/static1 111.119.233.65:80 144.139.158.155:80 187.131.128.238:50000 190.79.228.89:443 220.241.38.226:50000 41.75.135.93:7080 42.190.4.92:443 45.56.79.249:443 60.52.64.122:80 79.127.57.43:80 94.177.183.28:8080 94.67.21.187:8080 # Reference: https://www.virustotal.com/gui/file/835d0910a541696111ecf4588e19a2c361e1ed6a61d2b680e1dd1cfcd85b4da9/detection arya-co.com/wp-includes/lIaWADd/ literadiocebu.com/vhvjt/aycx52bqm330139/ pizzaherbs.com.pk/pjqbq/XnPgtdPPN/ 
solution.seeedstudio.com/tag/FNLFibbOyHa/ # Reference: https://unit42.paloaltonetworks.com/attack-chain-overview-emotet-in-december-2020-and-january-2021/ # Reference: https://otx.alienvault.com/pulse/6047a64d3c6de8ce39c5f1fb abrillofurniture.com/bph-nclex-wygq4/a7nBfhs/ allcannabismeds.com/unraid-map/ZZm6/ ezi-pos.com/categoryl/x/ giannaspsychicstudio.com/cgi-bin/PP/ ienglishabc.com/cow/JH/ etkindedektiflik.com/pcie-speed/U/ vstsample.com/wp-includes/7eXeI/ # Reference: https://www.virustotal.com/gui/file/05e10f7bf1687cc7187961aa5140c2b29a054a9142bdf9b8b8a54a6fbfc63f38/detection http://70.121.172.89 # Reference: https://unit42.paloaltonetworks.com/emotet-command-and-control/ ienglishabc.com/cow/JH/ # Reference: https://www.virustotal.com/gui/file/338d8d3ff0894ad4411b7eca2723d06a70f560488f00e690ed7ad33e67f9ad47/detection # Reference: https://www.virustotal.com/gui/file/14aad54e4accb6acc45ee5bdf965c406fac1b53ba6600961135b9567d03b224d/detection 217.160.169.110:8080 51.255.203.164:8080 # Reference: https://www.virustotal.com/gui/file/6b33c0213605687c080ebef68e2ae366e3d35f90cb1bf80ad4506ad738284806/detection http://84.232.229.24
# Generic trails: URL paths listed without a host, so a match is not tied to any one server. Several are short /wp-admin/ or /wp-content/ paths; corroborate a hit with the host and port indicators above before treating it as Emotet.
/ringin/ /meecpy20181/ /s_w6_h2gc/ /o_wle6_cyuobdkxwm/ /3vzc_oj94_q3v42ns4nb/ /4ots_c9x_ty/ /cx8yyu/ /ofoJX/ /vXl0kcy/ /56mt6s8/SiP/ /db9my/2yh3wsv3w8/ /dovij7lgjd/ /info/Qmy4/ /otul6pg/eyhG/ /twitter-api/a_fx/ /private/hWJAF4yBv7/ /wordpress/VKj/ /wordpress_e/xh/ /wp-admin/7mRmsM/ /wp-admin/AYO/ /wp-admin/nBJ/ /wp-content/AKgD/ /wp-content/Ds_G/ /wp-content/ehiZ/ /wp-content/o_qO/ /wp-content/ZhG/